On Fri, Jul 28, 2017 at 12:39 PM, <[email protected]> wrote: > Pretty much what I ran into with one clarifiation: > > As far as I know, there's nothing preventing you from installing the app on > multiple devices and entering the same code into both separately. The > obvious drawback is you now have to maintain control of multiple device > constantly in order for the second factor to actually enhance security. >
This is certainly true for TOTP codes, which are most prevalent, though Google Authenticator also supports HOTP, in which case there's a sequence number that won't be kept in sync between the devices. > Thanks, > > > On Fri, Jul 28, 2017 at 11:05:07AM -0500, Joe Fruchey wrote: >> I use Google Authenticator. I don't think you can have multiple devices >> active concurrently, nor can you export the keys. I think the proper way >> to transfer to a new device is to decomm the old one by disabling 2FA, >> then set it up again on the new device. One way to avoid this is to >> print/save the QR code on the initial setup, but once it's gone, there's >> no way to retrieve it. >> On Fri, Jul 28, 2017 at 10:14 AM, <[1][email protected]> >> wrote: >> >> We recently were forced to start using 2FA for a service at work and, >> as I agree with the practice (at least in principal), I started using >> Google Authenticator for several other services, including sudo on a >> couple of Linux boxes I have. >> >> Now I'm facing a phone that desperately needs to be replaced but >> authenticator codes locked into the software on that one device. I know >> I can get new codes for all of my existing services and just set it up >> fresh on a new device but I'm curious how that's "normally" handled. I >> wouldn't necessarily have that option if I chucked my phone into a brick >> wall as I have been sorely tempted to do on multiple occassions lately. >> >> Do you backup your authenticator keys somewhere? If so, how? >> >> Set it up on multiple devices under the assumption that at least will be >> functional long enough to reset codes with the services? >> >> Do you avoid 2FA specifically because of this issue? >> >> Something else totally obvious that I just missed? >> >> Thanks, >> >> Bill >> >> _______________________________________________ >> General mailing list >> [2][email protected] >> [3]http://brlug.net/mailman/listinfo/general_brlug.net >> >> References >> >> Visible links >> 1. mailto:[email protected] >> 2. mailto:[email protected] >> 3. http://brlug.net/mailman/listinfo/general_brlug.net > >> _______________________________________________ >> General mailing list >> [email protected] >> http://brlug.net/mailman/listinfo/general_brlug.net > > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net > _______________________________________________ General mailing list [email protected] http://brlug.net/mailman/listinfo/general_brlug.net
