Hacker News
by fmajid 1245 days ago
TOTP in another app is not more secure because TOTP is not secure (not phishing-resistant against real-time proxy attacks even script kiddies can pull off thanks to Evilginx).

FIDO2 and FIDO U2F are phishing-resistant, but almost nobody implements them, preferring security theater, and even when they do, not correctly (e.g. PayPal only allowing you to use one key, so if it gets broken or lost you are SOL).
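
The distinction drawn in the comment above, as an added example that is not part of the original comment: an RFC 6238 TOTP code is computed from the secret and the clock only, while a WebAuthn (FIDO2) assertion carries the origin the browser saw and a hash of the RP ID, which the relying party checks. The function names and the `example.com` / `.test` hosts are assumptions made for illustration, the sample assertion is constructed, and verification of the authenticator's signature over these fields is assumed to happen separately.

```python
import base64, hashlib, hmac, json, struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1). Inputs are secret and time only: no origin."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion_binding(client_data_json: bytes, auth_data: bytes,
                            challenge: bytes, origin: str, rp_id: str) -> str:
    """Relying-party checks on fields covered by the authenticator signature.
    Signature verification itself is omitted (assumed done separately)."""
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        return "bad type"
    if cd.get("challenge") != b64url(challenge):
        return "challenge mismatch"
    if cd.get("origin") != origin:            # origin is written by the browser
        return "origin mismatch"
    if len(auth_data) < 37 or auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return "rpIdHash mismatch"
    if not auth_data[32] & 0x01:              # UP (user present) flag
        return "user not present"
    return "ok"

def sample(origin_seen_by_browser: str, rp_id_used: str, challenge: bytes):
    """Constructed clientDataJSON and authenticatorData for the demo."""
    cd = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                     "origin": origin_seen_by_browser}).encode()
    ad = hashlib.sha256(rp_id_used.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return cd, ad

if __name__ == "__main__":
    secret, now, ch = b"12345678901234567890", 59, b"\x01" * 16
    # The server accepts any correct code; nothing records where it was typed.
    print("TOTP accepted:", totp(secret, now) == totp(secret, now))
    for seen in ("https://login.example.com", "https://login.example-lookalike.test"):
        cd, ad = sample(seen, "example.com", ch)
        print(seen, "->", check_assertion_binding(
            cd, ad, ch, "https://login.example.com", "example.com"))
```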