by lxgr
607 days ago
That's great for you, but also a sample size of one (probably technically sophisticated) user, i.e. irrelevant to the bigger picture. The phishability of TOTP really is exactly as bad as that of passwords, except that a once-phished TOTP isn't reusable by the attacker(s), unlike a phished password. But even one-time access is often catastrophic, especially if it allows the attacker to rotate credentials.