Y
Hacker News
new
|
ask
|
show
|
jobs
by
teeray
720 days ago
I mean specifically OATH TOTP—nothing involving SMS. In this threat model, an attacker would not have a phone number or email address for the target—only a username and their stolen password (from a breach).