Why couldn't we combine the two? Make TOTP based on a higher-entropy secret with... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		_Algernon_ 6 months ago \| parent \| context \| favorite \| on: Playing with more user-friendly methods for multi-... Why couldn't we combine the two? Make TOTP based on a higher-entropy secret with longer generated codes the only factor. This would prevent replay attacks of entered passwords, thus protecting against phishing, and ensure users have safe secrets (since the site generates the secret).

BlackFly 6 months ago [–]

That's my preference. For some things I would be willing to have the increased security of a genuinely separate device.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact