Hacker News

The only system which does it securely is a Bitcoin cold wallet / offline-computer signed transaction.

Or, as you pointed out, signing it on a smartcard with a keypad reader.

But for login, TOTP is better than anything else. I can put it on an Arduino with a small OLED board and have it in a safe/vault offline.

And there is no way for an attacker to MITM, and here lies the problem: companies cannot blame you as easily as with currently deployed technologies... they hide breaches all the time, f... PCI



> But for login, TOTP is better than anything else. I can put it on an Arduino with a small OLED board and have it in a safe/vault offline. And there is no way for an attacker to MITM.

There totally is! How do you know you're entering the TOTP on a legitimate website?

WebAuthN prevents that, both by not letting you use a given key on the wrong website, and by including the origin in the signature generated using the key which the relying party can then check for plausibility.
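The two properties the reply above describes (the browser refusing to use a key outside its RP ID, and the origin being carried inside the data the key signs) as an added Go model. This is not code from the thread and not a real WebAuthn client or relying-party library: the credential, the challenge strings and the origins login.example.com / login-example.evil are constructed sample values, the registrable-suffix rule is simplified to a host-suffix comparison without public-suffix-list handling, and the signature counter is omitted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// credential is the authenticator-side key, scoped at registration to one RP ID.
type credential struct {
	rpID string
	priv *ecdsa.PrivateKey
}

// clientData is assembled by the browser, not by the page's script, so Origin records where the user really is.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

type assertion struct {
	AuthData       []byte // SHA-256(rpID) || flags (signature counter omitted in this model)
	ClientDataJSON []byte
	Sig            []byte // DER-encoded ECDSA-P256 over AuthData || SHA-256(ClientDataJSON)
}

// rpIDAllowed is the browser's rule: the requested RP ID must be the origin's host or a suffix of it (public-suffix list left out).
func rpIDAllowed(origin, rpID string) bool {
	u, err := url.Parse(origin)
	if err != nil || u.Scheme != "https" {
		return false
	}
	return u.Hostname() == rpID || strings.HasSuffix(u.Hostname(), "."+rpID)
}

// signedBytes is the exact message the authenticator signs.
func signedBytes(authData, clientDataJSON []byte) []byte {
	h := sha256.Sum256(clientDataJSON)
	return append(append([]byte{}, authData...), h[:]...)
}

// browserGet models navigator.credentials.get(): origin is the page the user is on, rpID is what its script asked for.
func browserGet(cred *credential, origin, rpID, challenge string) (*assertion, error) {
	if !rpIDAllowed(origin, rpID) {
		return nil, errors.New("browser: RP ID not valid for this origin")
	}
	if cred.rpID != rpID {
		return nil, errors.New("authenticator: no credential for this RP ID")
	}
	cdj, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: origin})
	rpHash := sha256.Sum256([]byte(rpID))
	authData := append(rpHash[:], 0x01) // flags bit 0: user present
	digest := sha256.Sum256(signedBytes(authData, cdj))
	sig, err := ecdsa.SignASN1(rand.Reader, cred.priv, digest[:])
	if err != nil {
		return nil, err
	}
	return &assertion{AuthData: authData, ClientDataJSON: cdj, Sig: sig}, nil
}

// verifyAssertion is the relying party: the challenge defeats replay, origin and RP ID hash defeat relay from a look-alike site, and the signature over both means neither can be rewritten afterwards.
func verifyAssertion(pub *ecdsa.PublicKey, rpID, wantOrigin, wantChallenge string, a *assertion) error {
	var cd clientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || cd.Challenge != wantChallenge {
		return errors.New("rp: wrong ceremony type or challenge")
	}
	if cd.Origin != wantOrigin {
		return fmt.Errorf("rp: assertion was produced for origin %q", cd.Origin)
	}
	want := sha256.Sum256([]byte(rpID))
	if len(a.AuthData) < 33 || string(a.AuthData[:32]) != string(want[:]) || a.AuthData[32]&0x01 == 0 {
		return errors.New("rp: RP ID hash mismatch or user not present")
	}
	digest := sha256.Sum256(signedBytes(a.AuthData, a.ClientDataJSON))
	if !ecdsa.VerifyASN1(pub, digest[:], a.Sig) {
		return errors.New("rp: bad signature")
	}
	return nil
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	cred, chal := &credential{rpID: "example.com", priv: priv}, "constructed-challenge-1"
	a, _ := browserGet(cred, "https://login.example.com", "example.com", chal)
	fmt.Println("real site:", verifyAssertion(&priv.PublicKey, "example.com", "https://login.example.com", chal, a))
	_, err := browserGet(cred, "https://login-example.evil", "example.com", chal)
	fmt.Println("look-alike site:", err)
}
```

The contrast with a TOTP code is the point: a six-digit code carries nothing about where it was typed, so a look-alike page can forward it to the real site unchanged. Here the look-alike page fails twice before the relying party is even involved (wrong RP ID for its origin, or no credential for its own RP ID), and an assertion captured from the real origin cannot be edited to claim a different origin because the origin bytes are under the signature.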



