|
|
|
|
|
|
by dogacel
432 days ago
|
|
|
Agree and disagree, Deciding on how to store the credentials is still a hard task. Even storing the secret. Ideally it shouldn't stay as a plain text in your database. If you use cloud, something like KMS can be used for additional security. Also you should still consider replay attacks, rate limits etc. I agree in the sense that TOTP is hard to implement, no it is not. I hope this article helped people understand how TOTP works. |
|
|