this post was submitted on 02 Jul 2024
26 points (90.6% liked)


Isn't the value of two factor auth that it requires a physical device (your phone or computer) with the auth key to authenticate you? Then why don't many two factor auth apps seem to support syncing? If it's fine to do so, are there any open source cross platform apps that sync keys?

[–] solrize@lemmy.world 8 points 4 months ago (2 children)

It's considered bad form to do what you're asking but most 2fa apps have a backup restore scheme now. Is that enough?

[–] solrize@lemmy.world 2 points 4 months ago

A physical token only authenticates itself as "something you have" if there's no way to extract the key from it. In practice non-hardcore deployments usually have a backup procedure but in principle, if you want multiple tokens, they should have separate keys. What you're asking in simplest form involves storing the key on a server where it can potentially spill in a server breach or the like. If the key protects something very valuable, that can be dangerous. If it's for your old Reddit account, you might decide to do it anyway.
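The "separate keys per token" arrangement described in the comment above, as an added example that is not part of the original thread: each device enrolls its own TOTP key (RFC 6238, HMAC-SHA1), so a lost device can be revoked without touching the others and no key has to be copied between devices. The `Verifier` class, device names, keys and timestamp are constructed for illustration.

```python
import hashlib
import hmac
import struct

def totp(key: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical server side: one independent key per enrolled device."""

    def __init__(self):
        self.keys = {}  # device name -> secret key

    def enroll(self, device: str, key: bytes) -> None:
        self.keys[device] = key

    def revoke(self, device: str) -> None:
        self.keys.pop(device, None)

    def verify(self, code: str, now: float, window: int = 1):
        """Return the device whose key produced `code`, or None."""
        for device, key in self.keys.items():
            for drift in range(-window, window + 1):  # tolerate clock skew
                if hmac.compare_digest(totp(key, now + drift * 30), code):
                    return device
        return None

def demo():
    now = 1_720_000_000  # constructed timestamp
    phone, laptop = b"constructed-phone-key", b"constructed-laptop-key"
    v = Verifier()
    v.enroll("phone", phone)
    v.enroll("laptop", laptop)
    phone_code = totp(phone, now)
    before = v.verify(phone_code, now)             # accepted as "phone"
    v.revoke("phone")                              # phone lost or compromised
    after_phone = v.verify(phone_code, now)        # rejected after revocation
    after_laptop = v.verify(totp(laptop, now), now)  # laptop unaffected
    return before, after_phone, after_laptop
```

With a single synced key, the only way to lock out one device is to rotate the key on every device; a production verifier would also reject reuse of a code within its time step.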

[–] DonnerWolfBach@feddit.de 2 points 4 months ago

Why exactly is that? Because it's reduced security?