undefined | Better HN

0 pointsrustcleaner1y ago0 comments

TOTP is so good, it should be treated equally to or superior than phone number or e-mail as a requirement, by regulation, as an option for any site conducting business in US Dollars. E-mail is terrible for secure authentication. Banks have had plenty of time to implement this and haven't. TOTP can eliminate the password altogether, and make login usernames long-lived long TOTP or HOTP codes and I have just solved the terrible passkey problem!

0 comments

AnthonyMouse1y ago

Email is pretty reasonable for secure authentication. All but the most anachronistic mail servers use TLS these days and you're under no obligation to use any of the few that don't. The notion that email is insecure is from the old days when the links weren't encrypted.

SMS, on the other hand, is an abomination to this very day and should not be used by anyone for anything.

JumpCrisscross1y ago

> TOTP can eliminate the password altogether

Does anyone have TOTP-only authentication?

j / k navigate · click thread line to collapse