Software authenticator, seriously locked to 1 device?

[Deceptus]

So my wow authenticator is not only more convenient in that i dont have to enter it EVERY TIME (but thats another discussion alltogether and I can get past that easier than this)

but it also allows me to have it on my iphone AND my ipad.

Now i may be incorrect, and it may in fact be possible - but I cant figure it out thus far.

Anyone care to confirm or deny for me before I move on?

The whole point of an authenticator is it's supposed to authenticate you and you only. If it was allowed on multiple devices they can't be sure it's YOU.

As for the having to enter it EVERY TIME, again, that's the point of 2 step verification.

[MsQi]

The whole point of an authenticator is it's supposed to authenticate you and you only. If it was allowed on multiple devices they can't be sure it's YOU.

As for the having to enter it EVERY TIME, again, that's the point of 2 step verification.

No not really. If the same computers on the same IP is logging in it's perfectly fine for it to be occasional.

[Legion88]

No not really. If the same computers on the same IP is logging in it's perfectly fine for it to be occasional.

And why? It could be different persons on the same PC.
And with the option to save passwords for convinience it should be necessary to have follow up step to make sure it is the right person trying to log in.

[MsQi]

And why? It could be different persons on the same PC.
And with the option to save passwords for convinience it should be necessary to have follow up step to make sure it is the right person trying to log in.

But it doesn't save your password. You have to enter both every time.

It could be a different person using your phone. These aren't here to protect you from theft, brake in or your own mistakes.

[SamSmoot]

No not really. If the same computers on the same IP is logging in it's perfectly fine for it to be occasional.

And, when it does need to authenticate, your phone's app checks back with the server when it starts to see if there's a request pending, and if so, just lets you tap a button instead of entering a number. (I assume it transfers the number directly, to prove it's you.) If your phone has no internet connection at the time, then the app can still generate a number to enter.

[Kaedan]

No not really. If the same computers on the same IP is logging in it's perfectly fine for it to be occasional.

If it wasn't possible for someone to spoof your device and spoof you IP... which is actually is.

That's why people who set their 2 step identification for "make his device safe for a month" still get their accounts hacked. And then they wonder how they got their account hacked...

[SamSmoot]

The stupid thing is that both my game accounts have an authenticator option, but it's nearly impossible to find a BANK that has this..

[tdb]

If it wasn't possible for someone to spoof your device and spoof you IP... which is actually is.

Spoofing an arbitrary IP for two-way communications is actually really hard. You basically need to have ISP-level (or maybe deeper) access to the Internet backbone so you can alter routing tables and have the traffic directed to you instead of the rightful holder of the IP.

Many ISPs give dynamic IP addresses to their clients, so if you're using the same ISP and are geographically reasonably close to your target (so as to be in the same address pool) it's possible to get the same address they used previously. However it's still damn near impossible to get just the right address at just the right time to take over the target's game account.