If you are using the yubico-authenticator app then you are using TOTP, just with... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		psanford on Nov 2, 2022 \| parent \| context \| favorite \| on: Aegis Authenticator – Secure 2FA App for Android If you are using the yubico-authenticator app then you are using TOTP, just with the seeds stored on your yubikey. This is still vulnerable to phishing. I hope what you meant to say is that you are switching to using WebAuthn with your yubikey on all sites that support it, and then using your yubikey for TOTP on sites that don't support WebAuthn yet. WebAuthn is the thing that gives you actual protection against phishing.

acdha on Nov 2, 2022 | [–]

Yes, that's exactly what I meant: I use the same Yubikeys for authentication, but fail back to TOTP when sites don't support something secure.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact