by tomstuart 1468 days ago
You need somewhere to physically store a secret, plus the ability to do some computation to turn that secret into a time-based one-time code. A lot of people do use their phone, but there’s nothing to stop you using a dedicated hardware token, or conversely just your computer (e.g. 1Password [0]) if you’re comfortable with keeping all your secrets in the same place.

Naturally there are security/convenience tradeoffs however you do it. The important thing is that, unlike with passwords, you never send the secret over the wire.

[0] https://blog.1password.com/totp-and-1password/#totp-isnt-the...