by w8rbt
2669 days ago
Store your TOTP secrets PGP or NaCl encrypted. I have done this for years. You'd have to get my private key (off of a smartcard) and get my private key password (out of my head) to decrypt my TOTP secrets before you could use my TOTP generated codes. I have much more faith in this approach than I do in Android apps. $ gpg -d encrypted-secret.txt | goathgen
Having your TOTP secrets on a unique device means that an attacker in that scenario (access to your endpoint) could steal a single TOTP code for the single site, but wouldn’t be able to steal the seed secret itself.