Software authenticator, seriously locked to 1 device?

[klepp0609]

So my wow authenticator is not only more convenient in that i dont have to enter it EVERY TIME (but thats another discussion alltogether and I can get past that easier than this)

but it also allows me to have it on my iphone AND my ipad.

Now i may be incorrect, and it may in fact be possible - but I cant figure it out thus far.

Anyone care to confirm or deny for me before I move on?

[Deceptus]

So my wow authenticator is not only more convenient in that i dont have to enter it EVERY TIME (but thats another discussion alltogether and I can get past that easier than this)

but it also allows me to have it on my iphone AND my ipad.

Now i may be incorrect, and it may in fact be possible - but I cant figure it out thus far.

Anyone care to confirm or deny for me before I move on?

The whole point of an authenticator is it's supposed to authenticate you and you only. If it was allowed on multiple devices they can't be sure it's YOU.

As for the having to enter it EVERY TIME, again, that's the point of 2 step verification.

[MsQi]

The whole point of an authenticator is it's supposed to authenticate you and you only. If it was allowed on multiple devices they can't be sure it's YOU.

As for the having to enter it EVERY TIME, again, that's the point of 2 step verification.

No not really. If the same computers on the same IP is logging in it's perfectly fine for it to be occasional.

[Legion88]

No not really. If the same computers on the same IP is logging in it's perfectly fine for it to be occasional.

And why? It could be different persons on the same PC.
And with the option to save passwords for convinience it should be necessary to have follow up step to make sure it is the right person trying to log in.

[klepp0609]

chances of someone not only having my account password, but being at my pc to login without my knowing is nil. Moot point. Id take the convenience any day.

Still - ive sucked that up at this point.

What this is about is the inability to add the auth to my tablet. Ironically blizzard (who i loathe) but who has just as many if not more subs, has been in the game just as long if not longer, who makes just as much, if not more money - seems to have 0 issues with both of the aforementioned (multiple devices and saving auth based on mac or hwid or however they do).

Ultimately not here to rant about it, im sure we're all of sound enough mind to realize that wont get anything fixed. Simply wanted to know if there was in fact a way to avoid having to choose between keeping either my tablet or my phone nearby (cause ironically enough - apple who eclipses them both, is okay with having them linked in every single way)

[MsQi]

And why? It could be different persons on the same PC.
And with the option to save passwords for convinience it should be necessary to have follow up step to make sure it is the right person trying to log in.

But it doesn't save your password. You have to enter both every time.

It could be a different person using your phone. These aren't here to protect you from theft, brake in or your own mistakes.

[Dualgunner]

Security and convenience are on opposite sides of a spectrum.

[Ladon]

Yes, the SE token is poorly implemented. It’s not insecure but it does leave a lot to be desired for usability.

They tie the certificate to the device ID which is just silly these days as not only does this prevent multi-device registration options (which all modern MFA solutions: Duo, Okta, Google Authenticator) but I’m sure many of you have experienced the need to re-register the soft token if you restore from a backup or get a new device.

There are better ways to do this now that allows you to register on multiple devices while making sure it’s a device you own.

I would not be in favor of not prompting for MFA every log in like Blizzard allows. There are plenty of ways this can be exploited though you would have to be part of a targeted attack. However they could implement a MFA push so that you just have to accept to decline a log in rather than having to fire up the token app and put in a code every time.

[SamSmoot]

No not really. If the same computers on the same IP is logging in it's perfectly fine for it to be occasional.

And, when it does need to authenticate, your phone's app checks back with the server when it starts to see if there's a request pending, and if so, just lets you tap a button instead of entering a number. (I assume it transfers the number directly, to prove it's you.) If your phone has no internet connection at the time, then the app can still generate a number to enter.

[Kaedan]

No not really. If the same computers on the same IP is logging in it's perfectly fine for it to be occasional.

If it wasn't possible for someone to spoof your device and spoof you IP... which is actually is.

That's why people who set their 2 step identification for "make his device safe for a month" still get their accounts hacked. And then they wonder how they got their account hacked...