
Protectimus TOTP tokens with time synchronization are going on sale tomorrow - AnnaKorobkyna
http://www.releasewire.com/press-releases/the-first-totp-tokens-time-synchronization-protectimus-slim-1205627.htm
======
geofft
> _The only disadvantage of this token to date was the possibility of time
> drift. This problem is inherent to all TOTP tokens, without exception. TOTP
> tokens contain an on-board clock. Inevitably, the clock gradually gets ahead
> of or falls behind the actual time. Per RFC 6238, the time difference
> between the token and server should be monitored by the server software._

> _But users often don't have access to the authentication server, so
> Protectimus figured out a way of correcting the token's clock instead. The
> time will be resynchronized when a secret key is flashed to the
> token._

Not sure I follow... the sync happens because when the user sends an attempted
TOTP code to the server, the server calculates a few codes just before/after
the current time, and if they match, the server updates its cache of the
token's clock drift. Nothing is stored on the client. Why would this not be an
option? (It requires the same access as required to send it a code in the
first place, no more.)

It seems like a serious negative to have a hardware token with significant
complexity on board; at that point you're better off using a smartphone which
gets software updates, because you have a platform that's rich enough to have
vulnerabilities and an attack surface. (And you can do things like put a
password on the smartphone.) Hardware tokens with no inputs, like RSA keyfobs,
make more sense.

~~~
icebraining
> Not sure I follow... the sync happens because when the user sends an
> attempted TOTP code to the server, the server calculates a few codes just
> before/after the current time, and if they match, the server updates its
> cache of the token's clock drift. Nothing is stored on the client. Why would
> this not be an option? (It requires the same access as required to send it a
> code in the first place, no more.)

"The server" here is owned by the site where you're logging into, not by
Protectimus, so you can't make it do those things. They found a way to fix the
clock issue from the end they can affect.

Plus you need some input anyway, since the TOTP protocol requires a shared
secret, and for some reason it became a standard that the server is the one
providing it on setup.

~~~
geofft
Are there servers that don't sufficiently deal with clock drift on their own?
(And TOTP devices that drift their clock by more than a few minutes a year?)

~~~
icebraining
Searching for "TOTP drift" seems to indicate it's a problem. I'm personally
not very knowledgeable, but I've used a few TOTP libraries, and I don't
remember any actually recording the detected drift like the RFC recommends. At
most they allow for some drift from the current time, but that's usually up to
1-1.5mins, so if the token drifts more than that, it won't work.
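
An added example, not code posted by anyone in this thread or taken from any particular TOTP library: a sketch of the server-side resynchronization discussed above, where the verifier searches a few time steps around the expected one and remembers the offset it finds. The class name, the window size and the replay guard are assumptions of this sketch; the secret is the RFC 4226 test secret and the 60-second token drift is constructed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class DriftTrackingVerifier:
    """Hypothetical per-token server state: learned drift and last accepted step."""

    def __init__(self, secret: bytes, window: int = 2):
        self.secret = secret
        self.window = window   # steps searched either side of the expected step
        self.drift = 0         # learned token clock offset, in steps
        self.last_step = -1    # highest step already accepted (replay guard)

    def verify(self, code: str, now: float) -> bool:
        expected = int(now // STEP) + self.drift
        # Try the expected step first, then widen outwards: 0, -1, +1, -2, +2
        for delta in sorted(range(-self.window, self.window + 1), key=abs):
            step = expected + delta
            if step <= self.last_step:
                continue       # never accept a code at or before a used step
            if hmac.compare_digest(hotp(self.secret, step), code):
                self.drift += delta    # remember the offset for the next login
                self.last_step = step
                return True
        return False

def demo():
    # Constructed scenario: server clock at step 5, token clock 2 steps fast.
    v = DriftTrackingVerifier(b"12345678901234567890")
    first = v.verify(hotp(v.secret, 7), now=150)
    replay = v.verify(hotp(v.secret, 7), now=150)  # same code sent again
    return first, replay, v.drift
```

With the drift stored, the next code from the same token matches at the centre of the window, so a slow, steady drift never accumulates past the tolerance.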

------
underyx
At a price tag of $30, you're better off buying a U2F hardware key such as a
Solo[0], a YubiKey, or Google's Titan.

TOTP is still vulnerable to phishing attacks and MitM, while U2F machine-
verifies the application ID, thus making phishing impossible (unless the
phishing site tricks the user into using a non-U2F backup method for 2FA.) The
downside is limited adoption, such as no support from Safari, and no support
on most websites today. But I expect U2F to have a bright future ahead.

[0]: [https://shop.solokeys.com/](https://shop.solokeys.com/)

~~~
yangl1996
Webkit's webauthn support is in development [0]. Hopefully the adoption will
improve a lot once all major browsers support it.

[0]: [https://bugs.webkit.org/show_bug.cgi?id=181943](https://bugs.webkit.org/show_bug.cgi?id=181943)

~~~
icebraining
What's the user story for mobile browsers? Other than having a key hanging off
an OTG adapter, how can we secure a login made over a phone or tablet?

~~~
Freak_NL
WebAuthn can use the TPM chip in smartphones. It works the same as a discrete
hardware WebAuthn token: the key material is generated on the chip, and never
leaves it. The smartphone OS can't access the key on the TPM either, only use
it cryptographically to prove possession of the key.

You can test it right now with any recent Android smartphone with TPM chip:

[https://webauthn.io/](https://webauthn.io/)

Apple will eventually join the club too once they stop dragging their feet.

Of course with the TPM you effectively have a hardware token permanently
physically linked to your smartphone, so it changes the security analysis a
bit.

For users this means that WebAuthn for accessing websites on a TPM-capable
smartphone is really just a matter of unlocking the device when prompted.
Quite user friendly.

------
jsiepkes
Is there still a need to evolve TOTP now that we have FIDO2 / WebAuthn?

~~~
mjlee
There are a huge number of services out there that support TOTP and show no
sign of implementing WebAuthn.

Apple's business tools still only support SMS authentication.

------
yarrel
Top Of The Pops?

~~~
Freak_NL
I was confused to find I landed on a page about some British pop music show
when looking for a general overview of TOTP on Wikipedia.

~~~
fmajid
I'm guessing Top Of The Pops, a British institution?

Try: [https://en.wikipedia.org/wiki/Time-based_One-time_Password_a...](https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm)

