
> Because the code is sent to a device Google know you have had physical possession of in the past. It's either sent by SMS, voice call, or to a pre-registered mobile app.

None of those connect to a device you've had "physical possession in the past". Only the present. Phone calls, SMS and apps are all portable across hardware.



At least on iOS, the Google Authenticator app doesn't allow its tokens to be backed up or transferred.


For TOTP, you can have the same account on more than one device (I do for convenience). All you need is the initial seed which you can either enter manually, or scan the barcode using more than one device.
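The point made in the comment above, as an added example that is not part of the original thread: a minimal RFC 6238 TOTP implementation showing that the code depends only on the seed and the clock, so any device holding the seed produces the code the server accepts. `SAMPLE_SEED` is the published RFC 6238 test key in base32, used here as constructed sample input; the `verify` helper and its drift window are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample input: RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks the offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(seed_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP keyed by the seed, counter = time // step."""
    cleaned = seed_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # enrolment seeds often omit padding
    return hotp(base64.b32decode(cleaned), unix_time // step, digits)


def verify(seed_b32: str, submitted: str, unix_time: int,
           step: int = 30, window: int = 1) -> bool:
    """Server-side check (hypothetical helper): accept +/- `window` steps of drift."""
    return any(
        hmac.compare_digest(totp(seed_b32, unix_time + i * step, step), submitted)
        for i in range(-window, window + 1)
    )


if __name__ == "__main__":
    now = 1111111109
    # Two "devices" enrolled from the same seed, typed in differently.
    phone = totp(SAMPLE_SEED, now)
    tablet = totp("gezd gnbv gy3t qojq gezd gnbv gy3t qojq", now)
    print(phone, tablet, verify(SAMPLE_SEED, tablet, now))
```

Nothing in the computation identifies the hardware, which is why the seed shown at enrolment (the barcode or manual key) has to be protected like any other long-lived credential.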



