
I’m going to use both. TOTP most of the time, U2F in a safe at home in case I break/lose my phone


> I’m going to use both. TOTP most of the time, U2F in a safe at home in case I break/lose my phone

That's backwards. TOTP is vulnerable to phishing attacks, which are the primary threat model. Far better to use U2F for daily use, and then keep a printout of the TOTP QR code in a safe at home as a backup.
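The difference this reply points at, as an added example that is not part of the thread: a TOTP code is derived only from the shared secret and the clock, so it verifies no matter which page it was typed into, while a U2F-style assertion covers the origin the browser reports. Assumptions: HMAC-SHA256 with a shared key stands in for the ECDSA signature a real token produces, and the function names, key, challenge and origins are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): a function of the shared secret and the clock only."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(secret_b32, submitted, unix_time):
    # Nothing in the code records which page the user typed it into.
    return hmac.compare_digest(totp(secret_b32, unix_time), submitted)

def token_assert(device_key, challenge, browser_origin):
    # The browser, not the user, supplies the origin that is covered by the assertion.
    # Stand-in (assumption): HMAC-SHA256 replaces the token's ECDSA signature.
    message = browser_origin.encode() + b"|" + challenge
    return hmac.new(device_key, message, hashlib.sha256).digest()

def server_accepts_u2f(device_key, challenge, expected_origin, assertion):
    # The server only accepts an assertion made for its own origin.
    expected = token_assert(device_key, challenge, expected_origin)
    return hmac.compare_digest(expected, assertion)

def demo():
    secret = base64.b32encode(b"12345678901234567890").decode()  # RFC 6238 test secret
    device_key = b"constructed-device-key"      # constructed sample value
    challenge = b"constructed-challenge"        # constructed sample value
    real, lookalike = "https://example.com", "https://examp1e.net"  # constructed origins
    code = totp(secret, 59)
    from_real = token_assert(device_key, challenge, real)
    from_lookalike = token_assert(device_key, challenge, lookalike)
    return {
        "totp_code": code,
        "totp_accepted_regardless_of_entry_page": server_accepts_totp(secret, code, 59),
        "u2f_real_origin_accepted": server_accepts_u2f(device_key, challenge, real, from_real),
        "u2f_lookalike_origin_accepted": server_accepts_u2f(device_key, challenge, real, from_lookalike),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```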



