Two-factor auth with public-key cryptography

The request will contain the public key of the new device and will ask if this request should be accepted:

If the request is accepted, the authenticated device will encrypt the user’s private key using the new device’s public key and transmit this packet to the new device. The new device will decrypt the user private key and replace its keypair with the valid keys, thus authenticating this device and receiving the user keypair at the same time. With the valid keys, the new device is able to decrypt group chat messages received from the server and send new messages under a single identity between devices.

Source: www.kenforthewin.com