23 Mar
2020
23 Mar
'20
4:39 p.m.
On Monday, 23 March, 2020 14:21, Peter Beckman <beckman@angryox.com> wrote:
Software-based TOTP offer more security than no one-time passwords, but admittedly less than the physical tokens. Google Authenticator, Authy, 1Password, LastPass all support TOTP.
Hardware tokens are nothing more than dedicated hardware TOTP devices with perhaps a few additional parameters programmed at manufacturing time. Example, RSAID keyfobs are nothing more than TOTP generators with manufacturer programmed secrets and dedicated clock and display hardware with no external interface which permits access to the secret. -- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.