• yetAnotherUser@discuss.tchncs.de
    link
    fedilink
    arrow-up
    2
    ·
    21 days ago

    Well, TOTP prevents at least these attack vectors, even for tech-illiterate people:

    • Unnoticed data base leaks being used to gain full access to people’s accounts
    • Credential stuffing (using another service’s leaked credentials to gain access)

    With TOTP there must be at least some contact between the “hacker” and the victim.