GreySec Forums

Full Version: Is it possible to bypass two factor authentication?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
(04-21-2019, 08:34 PM)QMark Wrote: [ -> ]So what happens if the person switches from iPhone to Android? Will they be able to access their authy on a new phone?

I'm just hypothesising, because, as I said - I'm not privy to authy specific design. I don't actually use the app either.

That said, there's 2 scenarios off the top of my head that would address this.

1. You have an authy account that you sign in to. the seed created is uploaded to your account. On subsequent installs on other devices you sign in, and the app obtains the same initial seed used by your account for that service. It can then generate an acceptable code.

2. If you don't have an account, then each time you set up authy on a device you'd configure it to use with the service you want. that might mean that facebook will accept multiple codes - one for each device.

And im sure there are other ways as well. these are just the two most obvious possible solutions to address multiple devices. Smarter people than I work on shit like this lol.
Pages: 1 2