by EthanHeilman 2297 days ago
> When sites offer both, choose U2F. When sites offer TOTP only, use it.

This, 100%

In some sense TOTP, basically HMAC, seems like it would be harder to screw up than a public key system. RSA is amazingly hard to get right. I wonder if the order of preference should be:

1. U2F ECDSA/EdDSA

2. TOTP

3. U2F RSA ... Infinity. SMS 2FA

No idea where ECDAA [0] fits.

[0]: https://paragonie.com/blog/2018/08/security-concerns-surroun...
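Added example, not part of the comment above: the "TOTP is basically HMAC" remark written out as code. This is RFC 4226 HOTP (HMAC over an 8-byte counter, then dynamic truncation to a few digits) with RFC 6238 TOTP on top (counter = floor(time / step)), plus the verifier-side check a practitioner actually needs: constant-time comparison, a small clock-drift window, and a highest-accepted-counter check so one code cannot be used twice. The secret is the RFC 4226/6238 test-vector key, embedded here as constructed sample input; the function names and the `last_counter` convention are this example's own, not any library's API.

```python
"""TOTP (RFC 6238) on top of HOTP (RFC 4226), written out in full to show
that the whole scheme is one HMAC over a counter plus a truncation step."""
import hashlib
import hmac
import struct

# RFC 4226 / RFC 6238 test-vector secret (ASCII "12345678901234567890"),
# used here as constructed sample input so the known-answer checks below apply.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC(secret, counter as 8-byte big-endian), then 'dynamic truncation'."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte picks a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF  # clear the sign bit
    return str(code % (10 ** digits)).zfill(digits)           # keep leading zeros ("07081804")


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algorithm=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits, algorithm)


def verify_totp(secret: bytes, candidate: str, unix_time: int, last_counter: int = -1,
                window: int = 1, step: int = 30, digits: int = 6, algorithm=hashlib.sha1):
    """Verifier-side check. Returns the accepted counter, or None if the code is rejected.

    - compares with hmac.compare_digest so a partially correct code does not leak timing;
    - tolerates +/- `window` steps of clock drift between client and server;
    - rejects any counter <= last_counter, so a code that has already been accepted
      cannot be submitted a second time inside the same step (the caller must persist
      the returned counter per user; that state is this example's convention, hypothetical).
    """
    if not (isinstance(candidate, str) and len(candidate) == digits and candidate.isdigit()):
        return None
    current = unix_time // step
    for counter in range(current - window, current + window + 1):
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits, algorithm), candidate):
            return counter
    return None


if __name__ == "__main__":
    # RFC 4226 Appendix D and RFC 6238 Appendix B known-answer vectors.
    for c in range(3):
        print("HOTP counter", c, "->", hotp(SECRET, c))
    for t in (59, 1111111109, 20000000000):
        print("TOTP at", t, "->", totp(SECRET, t, digits=8))
    code = totp(SECRET, 59, digits=8)
    first = verify_totp(SECRET, code, 59 + 30, digits=8)           # accepted via drift window
    replay = verify_totp(SECRET, code, 59 + 30, last_counter=first, digits=8)  # rejected
    print("first use ->", first, "; replay ->", replay)
```

Everything security-relevant sits in `verify_totp`, not in the HMAC: the constant-time compare, the bounded drift window, and the counter high-water mark. Note that none of this stops real-time phishing, where the attacker relays a fresh code within the same step; that is exactly the gap U2F's origin binding closes and the reason the quoted ordering puts U2F first.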