• @[email protected]
    link
    fedilink
    English
    14 months ago

    The most secure practice for any high-value accounts (email etc) is to use WebAuthn with a hardware key like a Yubikey.

    TOTP is still vulnerable to phishing (a fake login page can ask for both a password and a TOTP code) so business/corporate environments are moving away from them.

    • @[email protected]
      link
      fedilink
      English
      14 months ago

      Sure, hardware keys are superior!

      I’m only talking about best practtices when using TOTPs in particular.