Currently, providers can just display the security code in the app to write it down. As this is a security risk, we should maybe make this more difficult, e.g. by protecting the code with a passphrase.
However, since the app currently performs regular encrypted cloud backups of the local secret data, the security code or the secrets derived from it need to be present in the app, so a sophisticated adversary can simply extract them from there.