![]() I have a 2:5 win/loss ratio when I had to play that game. Have you ever tried to regain access to an account once you lost your two-factor authentication secret? I have. I have 17 Google Authenticator “secrets” on my device for 17 services across my personal services and several clients’ access. So why do I go to such extremes? Google’s very own security supplies a way for you to move your secret (a new secret) to a new device, a process I consider the absolute model of perfection of moving your secrets. When done, wipe the USB stick (or write an ISO to it, which I do very very often). Do my thing on the device and when ready, push it back from the USB stick to my device. Me? I always copy directly from my device to a USB stick. Not only have you given your cloud provider access to your secrets (that is now backed up and replicated on their systems) but, if hackers gain access to your cloud platform (which several have Undelete options!), that’s game over man. This is true as it could lead to you leaking your secrets by, say, copying the file to your cloud storage to sync to another device. Google has stated (insert ref here) that you should not be copying your Google Authenticator’s databases from device to device. Google’s Warning: Stay away from GA’s Databases! I use custom bootloaders to gain access to the device in the event of a MMC failure (has happened once, I was able to get important data off of it before it totally was lost).Įncryption is used because, well, I’m just paranoid like that. ![]() What a PITA.īut these annoyances have afforded me the luxury of learning more details about the apps and system processes, along with their configurations. I also encrypt my device which further mandates a factor reset upon unlocking and locking to regain root access. The reason I have to do this is because I run a custom bootloader. I am forced to backup my configurations first, upgrade the device and then restore my configurations after the apps are reloaded. So when an Android update comes out, I can not update. In this post, I explain some technical details about this database and how you can exploit the details for your gain (from an Android’s perspective). Typically you only run it on one device because the secrets you store in its databases cannot be shared between devices. Google Authenticator is a two-factor application that runs on your mobile or tablet device. In hardware, technology Google Authenticator's Databases: Copy, Move and Fix Eric Duncan spawning a race of beings Aug 31 st, 2015 by Eric Duncan
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |