|
|
|
|
|
|
by mastahyeti
3255 days ago
|
|
|
I think the greatest practical threat to TOTP is phishing. U2F, regardless of where keys are stored, binds a keypair to an origin. Only authentication requests from `github.com` can use the `github.com` keys. For my money, any U2F implementation is a win over any TOTP. |
|
|