undefined | Better HN

0 pointsdavchana5y ago0 comments

Oh no, the string and/or QR code should be backed up when one is setting up the 2FA.

If you have that seed phrase, & any device with correct time can calculate the TOTP code, even a simple local javascript app.

Obviously that phrase leaked would mean hacker can also generate codes. So that's why those phrases should be kept extra safe, away from normal passwords.

0 comments

davchanaOP5y ago

HN died on me before I was able to add the link of little utility I cooked to readd those totp seed phrases: https://spa.bydav.in/otp.html

j / k navigate · click thread line to collapse

0 pointsdavchana5y ago0 comments

Oh no, the string and/or QR code should be backed up when one is setting up the 2FA.

If you have that seed phrase, & any device with correct time can calculate the TOTP code, even a simple local javascript app.

Obviously that phrase leaked would mean hacker can also generate codes. So that's why those phrases should be kept extra safe, away from normal passwords.

0 comments

davchanaOP5y ago

HN died on me before I was able to add the link of little utility I cooked to readd those totp seed phrases: https://spa.bydav.in/otp.html

j / k navigate · click thread line to collapse