$argon2id$v=19$m=64,t=512,p=2$DP574tIq9T8sEscj6Jvj7g$it63tsz/4vnM6CwIFtYjSA

  • 0 Posts
  • 12 Comments
Joined 1 year ago
cake
Cake day: June 9th, 2023

help-circle




  • Aside from SMS/email, which should be avoided anyway for other reasons, or proprietary solutions like MS’ or Steams approach, there is nothing to be gained from TOTP or WebAuthN.

    TOTP (the 6 digit code that changed every 30 seconds, usually) is just a hash of a shared secret between you and the server, and the current time rounded to the nearest 30 seconds.

    WebAuthN/FIDO2/U2F is private by design. Keys/authenticators derive a unique key for every credential pair, you can even register the same key multiple times because of this. About the only thing you gain is knowing what type of authenticator is being used, which is of questionable value at best.