
How TOTP Systems Like Google Authenticator Work - philk10
https://spin.atomicobject.com/2020/08/23/how-totp-works/#.X0PGclfhyRY.hackernews
======
sdfhbdf
Nice intro, but this could be complemented with some insight about the
philosophy of Two-Factor authentication.

> an attacker could capture a password as it was being transmitted

I think this could be amended to rather point to the factors of auth:
something you know, something you have, something you are. OTP could have also
prevented social engineering attacks and phishing where only the password was
phished.

Also for the conclusion I'm missing some info about U2F which seems to fix the
problems with TOTP secrets described in the last paragraph.

