Google Authenticator HOTP and TOTP
3/10/2024

And the biometric 2FA for services that support it (so far, I’ve only seen it used with certain corporate MSFT services) is a nice cherry on top. Note: I know Authy exists and had this functionality of cloud syncing 2FA keys between logged-in devices for years, but for some irrational reason I was sticking with the “simpler is better, and I somehow trust Google more with this one”, but luckily, I trust MSFT with my 2FA no less than I would Google, perhaps even more so.

Thus, HOTP stands for HMAC-based One-time Password. The H in HOTP stands for Hash-based Message Authentication Code (HMAC). That is, if the user generates an OTP without authenticating with it, the. However, HOTP is susceptible to losing counter sync. The advantage of this is that HOTP (HMAC-based One-time Password) devices require no clock. HOTP is the original standard that TOTP was based on.

What is OATH HOTP (Event)
HOTP works just like TOTP, except that an authentication counter is used instead of a timestamp.

That would still not solve the problem of manual transfer and disabling/re-enabling 2FA for every single service, but that would be much better than losing the device. Prior to this, I was seriously considering getting a cheap backup phone on which I set up all the 2FA codes simultaneously with my main phone, then put that cheap phone in a bank cell/safe/etc., and then rely on it in case something happens to my main phone. No more stressing about something happening to my phone, as long as I have my (single) primary recovery key stored on a piece of paper somewhere safe (as opposed to having a paper recovery key for every 2FA service I use). GOTP works with the Google Authenticator iPhone and Android app, as well as other OTP apps like Authy.

Microsoft Authenticator solves both of those problems, as they have recently (less than a year ago iirc) added a “backup to cloud” feature.
If I upgrade phones? I have to disable and re-enable 2FA on my new phone manually for every single service I use. If I store my 2FA in Google Authenticator and something happens to my phone? I am in a world of serious pain.

Importance of Two-Factor Authentication
Often when you hear that an account was ‘hacked’, it really means that the password was stolen.

GitHub - speakeasyjs/libotp: Two-factor authentication for Node.js.

Why? I have already mentioned it in other comments before, and it is due to Google’s insistence on not implementing recovery from backup.

Setting up Two-Factor with Google Authenticator or with any TOTP app is easy - just use the app to scan the barcode you see in the Cloudflare dashboard, enter the code the app returns, and you’re good to go.

One-time passcode generator (HOTP/TOTP) with support for Google Authenticator. What Google Authenticator uses are the HMAC-Based One-time Password (HOTP) and Time-based One-time Password (TOTP) algorithms.

For me personally, Microsoft Authenticator started ruling as well recently, after 5+ years with Google Authenticator.