by dwaite
2887 days ago
TOTP can protect against knowledge leakage as it is a second factor. For example, it will prevent someone successfully using a shared password at LinkedIn, associated with a corporate email address, to log into Gmail/O365. It doesn't prevent any sort of active phishing campaign, because the login process can just ask for and immediately use the TOTP credential. User gets a possible failure (or just content based on what they thought they were accessing), phisher gets account access.
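Added example, not part of dwaite's comment: a constructed model of a password + TOTP login check, showing why the verifier cannot tell who is submitting the code. `LoginServer`, the ±1 step window and the one-time-use guard are assumptions for illustration; `totp` follows RFC 6238 with HMAC-SHA1 and uses the RFC's test secret.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1). The code depends only on secret and time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class LoginServer:
    """Hypothetical login endpoint: password, then TOTP with a +/-1 step window."""

    def __init__(self, password: str, secret: bytes):
        self.password, self.secret = password, secret
        self.last_used_step = -1  # one-time-use guard: a time step is accepted once

    def login(self, password: str, code: str, now: int, step: int = 30) -> bool:
        if not hmac.compare_digest(password.encode(), self.password.encode()):
            return False
        current = now // step
        for s in (current - 1, current, current + 1):
            expected = totp(self.secret, s * step)
            if s > self.last_used_step and hmac.compare_digest(code.encode(), expected.encode()):
                self.last_used_step = s
                return True
        return False


def demo():
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real credential
    server = LoginServer("reused-password", secret)
    now = 59
    # 1. Leaked password with no valid code: the second factor blocks the login.
    leaked_only = server.login("reused-password", "000000", now)
    # 2. The code the user typed, submitted seconds later from a different client.
    #    login() only sees (password, code, time), so it is accepted.
    user_code = totp(secret, now)
    relayed = server.login("reused-password", user_code, now + 5)
    # 3. The user's own later attempt with the same code hits the one-time-use guard.
    user_retry = server.login("reused-password", user_code, now + 10)
    return leaked_only, relayed, user_retry


if __name__ == "__main__":
    print(demo())
```

The one-time-use guard only decides which submission fails; nothing in the inputs to `login()` identifies the site where the code was originally entered.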