Is it possible to bypass two factor authentication?
#11
(04-21-2019, 08:34 PM)QMark Wrote: So what happens if the person switches from iPhone to Android? Will they be able to access their authy on a new phone?

I'm just hypothesising, because, as I said - I'm not privy to authy specific design. I don't actually use the app either.

That said, there's 2 scenarios off the top of my head that would address this.

1. You have an authy account that you sign in to. the seed created is uploaded to your account. On subsequent installs on other devices you sign in, and the app obtains the same initial seed used by your account for that service. It can then generate an acceptable code.

2. If you don't have an account, then each time you set up authy on a device you'd configure it to use with the service you want. that might mean that facebook will accept multiple codes - one for each device.

And im sure there are other ways as well. these are just the two most obvious possible solutions to address multiple devices. Smarter people than I work on shit like this lol.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Simple Trick to Bypass File Upload Problem abaykan 2 6,643 05-02-2018, 01:33 PM
Last Post: abaykan
  Bypass LFI filter with double encoding peanutbutter 1 8,407 12-12-2017, 06:46 AM
Last Post: blahblahblah
  Possible way to bypass Apache Mod_Security? oxid 1 7,427 08-05-2017, 09:27 PM
Last Post: lunorian
  Client side authentication in real world cyborgs.txt 5 6,713 10-03-2016, 08:01 PM
Last Post: enmafia2