
Show HN: Minimal TOTP generator in 20 lines of Python - susam
https://github.com/susam/mintotp
======
anandsubra
> Many websites and services require two-factor authentication (2FA) or
> multi-factor authentication (MFA) where the user is required to present two
> or more pieces of evidence:
>
> • Something only the user knows, e.g., password, passphrase, etc.
> • Something only the user has, e.g., hardware token, mobile phone, etc.
> • Something only the user is, e.g., biometrics.

Apart from mobile phones using fingerprints to unlock, are biometrics used in
any mainstream MFA? Are there any websites, services or companies that accept
passwords and OTPs and also accept biometrics for authentication?

~~~
jankiehodgpodge
No, and I'm not sure this would be desirable either; it would mean having to
have services store and validate your biometric data.

~~~
blamestross
And transmit it! Biometrics are useless for remote 2FA. They only even make a
little sense when used for immediate local hardware interaction. From a remote
perspective you can't authenticate biometrics versus a replay attack. Hardware
does it by literally being hardware and thus has high confidence it is talking
to the real sensor, and you will note all the phones require harder
authentication on boot before enabling biometric authentication.

------
sc9311
This is super neat! Thanks for open sourcing this.

------
devposter
Including the comment in the first line and the blank lines, there are 30
lines. If we ignore them, yes, 20 lines.

