For example, given a Yubikey which generates OATH codes (such as with the command ykman oath accounts code 'accountname'), and two different accounts set up on that Yubikey, can a given website/provider (or two different sites under the control of a single person/company) know that 2FA authentications for those different accounts are being done with the same physical Yubikey?
Asked
Active
Viewed 16 times
0
Pistos
- 101
- 2
-
2No. Every account have an unique key. It's not possible to know if they are from the same key, from another key, or from a simulator. – ThoriumBR Aug 05 '22 at 20:38