I am in the middle of securing all my accounts with new passwords + 2FA where it's possible, and a question came up in my head:
If I set up 2FA authentication on a website (with an app like Google Authenticator) then will this website receive any kind of ID from the mobile device that could be used to track me?
Will I be able to set up another account on the same website, where I also set up 2FA authentication, and I use the same mobile device to generate the codes?
When you setup 2FA on a site using Google Authenticator you scan a QR code to add the site to the app. That QR code contains a secret that is unique to your account and is used to generate the code in the app and the website so they agree.
The QR code should also include some other details about your account, including a label and an account identifier. These details are used to disambiguate accounts within your authenticator app, so if you were to set up another account on the same website you should be able to save it to your authenticator app and use it separately to your original account.
