Hacker News new | ask | show | jobs
by esseph 323 days ago
Zero days exist, and something like tapjacking can be used to obscure and capture those TOTPs.

Don't use TOTPs if you have an option to use Passkeys/WebAuthN

Short video example: https://taptrap.click/