[Offline app with 2FA]

Quote

First lets make one thing clear, if its offline and is a useful software, there ARE going to be cracked versions of it anyway no matter what you do. There are great many examples of crackers which can patch almost all versions of offline softwares. However some ways I can suggest you.

- Do not copy/reuse any code (especially authentication part) from other softwares, this will make you more vulnerable.
- Use custom seeders, so that your software cannot be easily reverse engineered.
- 2FA isn't going to help you for offline apps. So it is almost useless doing that.
- Plus and most importantly, try releasing free versions of your software with most features, only reserve some extraordinary features for the commercial version (make sure the free version is more protected and more structurally authenticated and looked after better). People tend to crack your software less when you already have most features in your free versions.

I'm gathering information of how to authenticate offline system. My first intentions was to implement 2FA usb key, but what I have gathered it seems that the best way to authenticate user is by hardware fingerprinting. But I want to know how 2FA usb key can be bypassed and why it's secure.

[Offline app with 2FA]

Hello, everyone,
someone has mentioned that 2FA keys for offline systems are useless. I would like to know why and how it could be bypassed easily?

[Offline server authenticating method]

Hello, fellas security people,

I would like to know the best way to authenticate offline software. We would like to sell our client our server software, but we want to ensure that this software would not be duplicated or used by non authorized  users.

We are thinking about usb authentication key, but I want to know how other people think about this problem.