On 8/31/24 16:51, John Levine via mailop wrote:
It appears that Matthew Richardson via mailop <[email protected]> said:
TOTP is based on a shared secret which is (depending upon TOTP client)
straightford to extract and retain securely for the long term.
Does anyone see any flaw in this approach, or in the longevity of TOTP?
I think it's the best we can do these days although of course a sufficiently
clever piece of malware could steal your TOTP seeds along with your passwords.
They can only if TOTP secret is stored alongside with password, which is not
the best practice obviously
--
Send unsolicited bulk mail to [email protected]
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
