by bawolff
1721 days ago
> The REAL benefit of TOTP is that it's time sensitive. If someone does have your password and TOTP code over the wire, they cannot repeat the attack.

Instead they just have your session cookie, which probably doesn't expire for six months. The real benefit of 2FA is that, unlike with passwords, users cannot make stupid choices, like using the same one for multiple websites or the password "password". The user is usually the weakest link; 2FA reduces reliance on the user behaving appropriately.