

How To Screw Up Two-Factor Auth - bradleybuda
http://blog.meldium.com/home/2013/8/23/screw-up-two-factor-authentication

======
zeckalpha
I'm surprised by people pushing OTP and TFA as an answer to our problems when
most implementations use insecure key distribution. SMS is no better than
email.

One could use something like PGP to encrypt your OTP list, but this would
still leave the OTP list on the server for nefarious server accessors.

