On 8/31/24 16:51, John Levine via mailop wrote:
It appears that Matthew Richardson via mailop <matthe...@itconsult.co.uk> said:
TOTP is based on a shared secret which is (depending upon TOTP client)
straightford to extract and retain securely for the long term.
Does anyone see any flaw in this approach, or in the longevity of TOTP?
I think it's the best we can do these days although of course a sufficiently
clever piece of malware could steal your TOTP seeds along with your passwords.
They can only if TOTP secret is stored alongside with password, which is not
the best practice obviously
--
Send unsolicited bulk mail to carl...@at.encryp.ch
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
