The problem with TOTP is that it isn’t a second factor. It’s like Kerberos for the web. Passkeys are similar, only allow hardware devices with PIN.
How is it not a second factor?
It's something else that is unrelated to your password that you have to provide in order to log in, is that not the definition of a factor of authentication?
Because it's phishable?