Hacker News new | past | comments | ask | show | jobs | submit login

It does by the fact that you trust your new device on first use to be yours. You can wipe application data once you close the app if you want to go trough 2FA every launch.



Does that mean you go through an extra authentication flow to enroll the new device? Otherwise it's not 2FA, it's just telling you after the fact that someone got into your account.


Yes you have to authenticate any new devices from one of your existing devices.


Last week, I logged into Keybase from a brand new iPad without any authentication challenge from a trusted device. As far as I can tell, there is no second factor.


If you log into the website, there is no second factor. If you already trusted a device, there isn't a seecond factor either.


Did you use a paper key?


Just used username and password.


That's weird. Almost all the nodes on your graph are signed by your PGP key 'F155E778FA657400' or the paper key 'above sleep'. The rest were signed by other devices, or were the original node...

https://keybase.io/gluecode/graph


I did the same thing via browser on a new laptop. Just l/p


Logging into new devices does not ask for a second factor. I’ve verified this last week when I got a new iPad.


It requires you to trust your new iPad from another device, in addition to the password. That's 2FA.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: