JeNeSuisPasDave / authenticator

A HOTP/TOTP command line client for generating two-factor and multi-factor authentication codes, like Google Authenticator.
MIT License

Does this software return anything back to the server? #5

Closed Xbeninni closed 5 years ago

Xbeninni commented 5 years ago

Hi,

I can see there is clientId in data.py line 315 identifying the client. I was wondering if this software is sending anything back to the server. For example, if I have two accounts with the same website (server). Is there any way the website (server) knows that both accounts are using the same TOTP app? I guess the answer is no, because I couldn't see a URI anywhere returning data to a server. I just wanted to confirm. Thank you very much!

JeNeSuisPasDave commented 5 years ago

This software does not communicate with any server. The clientID is the name that you give to a TOTP/HOTP code generator. It is just a user-friendly name that you make up.

The website will have no way of knowing what software or computer is generating the passcodes at all, much less whether the same software instance is generating codes for two accounts authenticated by that website.

I have many Google accounts; each has their own one-time password secret key, each designated by a sufficiently unique client Id that I use to distinguish them. Google doesn't know if I'm using this Authenticator package on my laptop or Google Authenticator on my phone.

So I think you won't get caught this way. :-)
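
The point made in the reply above, as an added example (not part of the original thread or the authenticator project's code): an RFC 6238 TOTP code is a function of the shared secret and the clock only, so a locally chosen label never reaches the verifying site. `LocalGenerator`, `server_verify`, `demo` and the labels are hypothetical names, and the secret is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, period: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // period, digits)


class LocalGenerator:
    """Hypothetical stand-in for one configured entry in an offline client."""

    def __init__(self, client_id: str, secret_b32: str):
        self.client_id = client_id  # local label only; never enters the HMAC
        self.secret = base64.b32decode(secret_b32, casefold=True)

    def code(self, unix_time: int) -> str:
        return totp(self.secret, unix_time)


def server_verify(secret: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """All the verifier has: its stored secret, its own clock, the submitted digits."""
    step = unix_time // 30
    return any(hmac.compare_digest(hotp(secret, step + d), submitted)
               for d in range(-window, window + 1) if step + d >= 0)


RFC_SECRET = b"12345678901234567890"  # RFC 6238 Appendix B test key
SECRET_B32 = base64.b32encode(RFC_SECRET).decode()


def demo(now: int = 59):
    # Two differently labelled generators (constructed labels), same secret.
    laptop = LocalGenerator("work-laptop", SECRET_B32)
    phone = LocalGenerator("phone-app", SECRET_B32)
    a, b = laptop.code(now), phone.code(now)
    return a, b, server_verify(RFC_SECRET, a, now)


if __name__ == "__main__":
    print(demo())
```
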

Xbeninni commented 5 years ago

Thank you, @JeNeSuisPasDave ! I appreciate it.