by SpaethCo
2886 days ago
> TOTP is very useful! Just use a TOTP authenticator app on your phone, and don't put them in 1Password.

I was fully in that camp before I started talking with friends on red teams that were allowed to actually start using realistic phishing campaigns. Now I'm fully in the "U2F, client certs, or don't bother" camp.

Maybe I'm jaded, but it feels like the exploit landscape has improved enough that TOTP is as hopeless as enabling WEP on a present-day wireless network. Not only does setting it up waste your time, you're presumably doing so because you have the false belief it will actually offer protection from something. It may have been useful at one point, but those days are disappearing in the rearview mirror.

The only place I see TOTP still offering value is for people who re-use passwords, but only because it becomes the single site-unique factor for authentication.