On 26 Jan 2020, at 16:23, Ángel via mailop wrote:
> I like them as 2FA solution, too. Simple, standard, offline, vendor neutral, not vulnerable to MITM...
Ahem. If the attacker manages to position themself in between your session, they get a chance at your TOTP. Same attack scenario as with the old RSA SecurID tokens.
Best regards

-lem
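Added example, not part of the original thread: a minimal RFC 6238 verifier showing why the point raised in the reply holds from the server's side. The code depends only on the shared secret and the clock, so the verifier cannot tell which channel delivered it; rejecting an already-used time step (RFC 6238 section 5.2) stops a second use but not the first. The `Verifier` class and its `channel` parameter are hypothetical names; the secret is the RFC test key.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: a function of secret and clock only."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Hypothetical server-side check: +/-1 step window, each step usable once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_step = -1     # highest time step already accepted

    def verify(self, code: str, now: int, channel: str) -> bool:
        # 'channel' (who delivered the code) is deliberately unused: nothing
        # in a TOTP value binds it to a TLS session, origin or client, so
        # there is nothing here the server could check it against.
        for drift in (-1, 0, 1):
            step = now // STEP + drift
            if step < 0 or step <= self.last_step:
                continue        # before the epoch, or already consumed
            expected = totp(self.secret, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"    # RFC 6238 test key, not a real secret
    server = Verifier(secret)
    code = totp(secret, 59)             # what the user's token displays
    # Constructed scenario: the same code arrives twice in the same window.
    print(server.verify(code, 59, channel="intermediary"))  # accepted
    print(server.verify(code, 60, channel="user"))          # step already used
```

Binding the second factor to the origin, as WebAuthn/FIDO2 authenticators do, is what lets a server reject a response obtained on a different site; TOTP has no field that could carry such a binding.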