
I’m going to use both. TOTP most of the time, U2F in a safe at home in case I break/lose my phone



> I’m going to use both. TOTP most of the time, U2F in a safe at home in case I break/lose my phone

That's backwards. TOTP is vulnerable to phishing attacks, which are the primary threat model. Far better to use U2F for daily use, and then keep a printout of the TOTP QR code in a safe at home as a backup.



