You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Apr 6, 2021. It is now read-only.
Original issue 178 created by jago25 on 2012-05-16T12:29:09.000Z:
What steps will reproduce the problem?
Go to 2-step verificationStatus: ON > edit
The only option is to be able to remove the device you already have registered
What is the expected output? What do you see instead?
Revoke the current device or add an additional one.
What version of the product are you using? On what operating system?
Android.
Please provide any additional information below.
I have 2 or 3 Android devices but it's possible some people might have more. For example a tablet, a laptop, a phone, a phone just for work, an old j2me phone in the car.
At the moment we have to choose which to install Google Auth onto. While this is good for simplicity it's a bummer if you use one phone during the week and then another for business trips.
Here's a tip if you want to do this now:
delete and reinit you 2 devices at the same time.
Bear in mind that the more devices you have registered then the more these devices could be used by someone to help them login to your account.
The text was updated successfully, but these errors were encountered:
Comment #1 originally posted by markus@google.com on 2012-05-16T16:49:19.000Z:
You actually provide a really good summary of how things work and of the pros and cons of these policy decisions.
On google.com, the Google Authenticator operates in TOTP mode. That means, unlike HOTP mode, it is theoretically possible to generate tokens from multiple devices. From a security policy point of view, it is not necessarily desirable to have multiple devices that do so. In particular, it is not desirable for users to add their account to a new device and to forget that they still have an old device that can also generate tokens, as this old device might eventually find its way into the hands of an adversary.
Considering all the trade-offs, and considering the fact that many users only ever use a single device, a policy decision was made. That's why google.com will not allow you to (easily) add your account to more than one device.
We do realize though that there are power users who understand how tokens work, who are (hopefully) responsible about using their devices, and who understand the higher security risks that they expose themselves to. While we do not officially encourage or support this configuration, there is nothing that stops these users from registering multiple devices at the same time.
While it is a slight nuisance that you need to revoke and then re-enable two-factor authentication each time you want to add a device, there is actually a security benefit to doing so; it ensures that you are still in physical possession of all your devices.
It is always possible that these policies will be fine-tuned at some point. And I am not really privy to that decision. But for now, I don't expect things to change drastically in either direction. Thus I am closing your report with "working as intended".
Original issue 178 created by jago25 on 2012-05-16T12:29:09.000Z:
What steps will reproduce the problem?
What is the expected output? What do you see instead?
Revoke the current device or add an additional one.
What version of the product are you using? On what operating system?
Android.
Please provide any additional information below.
I have 2 or 3 Android devices but it's possible some people might have more. For example a tablet, a laptop, a phone, a phone just for work, an old j2me phone in the car.
At the moment we have to choose which to install Google Auth onto. While this is good for simplicity it's a bummer if you use one phone during the week and then another for business trips.
Here's a tip if you want to do this now:
Bear in mind that the more devices you have registered then the more these devices could be used by someone to help them login to your account.
The text was updated successfully, but these errors were encountered: