undefined | Better HN

0 pointsJohnny5551y ago0 comments

Doesn't "old android phone" also mean one that's no longer getting security updates? Probably not what you want on a phone that hosts your TOTP tokens.

0 comments

fragmede1y ago

if you don't run random apps and or use it for web browsing, and block incoming sms, a standalone device would have a smaller attack surface. if you really wanted to be paranoid, TOTP is computed off the time and a seed value and doesn't need Internet access, so the standalone device could have the cell modem and wifi disabled to reduce the attack surface even more.

sjducb1y ago

Good point.

j / k navigate · click thread line to collapse

0 pointsJohnny5551y ago0 comments

Doesn't "old android phone" also mean one that's no longer getting security updates? Probably not what you want on a phone that hosts your TOTP tokens.

0 comments

fragmede1y ago

sjducb1y ago

Good point.

j / k navigate · click thread line to collapse