zlacker

[parent] [thread] 3 comments
1. Lafore+(OP)[view] [source] 2015-10-19 01:27:45
A two-factor authentication token to sent via text, not the actual password.

That said, I find SMS-based 2FA to be pretty dodgy as well. Cloudflare was hacked once by somebody who managed gain access to an admin's mobile phone by social engineering their telco. If a site does not offer TOTP based 2FA I usually don't bother using it.

replies(2): >>jsprog+B >>suneil+s2
2. jsprog+B[view] [source] 2015-10-19 01:39:06
>>Lafore+(OP)
I didn't say the actual password. The page wasn't very forthcoming on all the details, but a 2FAT is typically just a very short, temporary password.
3. suneil+s2[view] [source] 2015-10-19 02:24:58
>>Lafore+(OP)
How does TOTP compare to HOTP?
replies(1): >>Lafore+O9
◧◩
4. Lafore+O9[view] [source] [discussion] 2015-10-19 04:57:17
>>suneil+s2
HOTP tokens does not expire with time, so there is a bigger risk of them being stolen from transit/storage and successfully used.
[go to top]