by kortex
1059 days ago
> the TOTP _key/seed_ is quite similar to a password

It's not though. The whole point is the secret moves once, from server to client (ignoring user exports and whatnot). Pass(word|key)s are basic authentication, and so have to be transmitted with every request. That's a huge difference in surface area. Also they are guaranteed to be high entropy, unlike user-picked passwords with no filter.