Hacker News new | ask | show | jobs
by philsnow 3189 days ago
> I can make backups with `adb`

does it follow that an attacker can make a "backup" of your 2fa codes as well, if they get ahold of your phone for a minute or two?
3 comments
scrollaway 3189 days ago
Physical device access is where this kind of security ends. If someone stealing your phone just to get your 2fa codes is a threat vector for you, you should be using different/additional factors.

In any event, as was pointed out, adb needs usb debugging turned on, which needs the device unlocked to be enabled.

link
veeti 3189 days ago
You need to authorize each adb key on the phone, so a screen lock prevents this.
link
craftyguy 3189 days ago
No, because you can (and should) disable usb connectivity/debugging.
link