(This is unlike typical password usage where the password is transmitted over the net, and so depends on other protections, such as TLS). The long term secret is not transmitted when it is actually used. With TOTP get a long term secret that is only transmitted (typically the QR code), when you enroll. Long term secret isn't transmitted during authentication. So I am going to list a few of the security properties you get with TOTP and contrast them with typical password use.
Security benefits of TOTP (contrasted with typical password use) Don't get led astray that this all goes under the term "2FA", as if that is the only security benefit you get from these schemes.
The "second factorness" of TOTP one of several security properties it offers, and it may be the least important in many cases. The answer depends on what security properties you actually want from time-based one time passwords (TOTP). I work for 1Password, and I wrote exactly about this question when we introduced the feature.
0 kommentar(er)
