
You don't need to do that for HOTP/TOTP though.

1. Scan a QR code.

2. You now have a secret value that can generate a deterministic pseudorandom integer securely indefinitely.

Also, SMS-based MFA should be burned to the ground.



Scanning a QR code by hand is easy when you don't have the phone handy. (sarcasm)

Actual OTP should allow you to print out or write down a set of codes.


> Scanning a QR code by hand is easy when you don't have the phone handy. (sarcasm)

That's way different from "I don't want to give out my phone number".


Both are impossible when not having a phone.


It's a non sequitur.

"I have a phone number but don't want to give it out" is different than "I don't have a phone".

But hey, there are 2FA devices you can use instead.



