Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
deathanatos
on Sept 13, 2023
|
parent
|
context
|
favorite
| on:
When MFA isn't MFA, or how we got phished
The basic premise is in
https://datatracker.ietf.org/doc/html/rfc6238
, although today I'd use SHA-256, not SHA-1, if possible.
But I'd disfavor TOTP over hardware tokens that can sign explicit requests.
Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
But I'd disfavor TOTP over hardware tokens that can sign explicit requests.