
Does TOTP 2FA solve not having to trust those other entities?


Many force you to install their own app instead of using a generic one. Which is a problem.

Also Google's app doesn't easily let you export and back up the seeds. So you either remember to do that initially or breaking your phone == losing access to everything.


> Many force you to install their own app instead of using a generic one. Which is a problem.

I agree that having to use a proprietary app is not great, but TOTP is vulnerable to MITM attacks because the tokens are not restricted to a specific action but only to a time slice. For many use cases that is not a big problem, but for a bank account I'd want more security. Of course being able to do your banking in the same app or a slightly different one on the same device kind of defeats the purpose.
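The property described in the comment above, as an added example that is not part of the thread: an RFC 6238 TOTP code is computed from the shared secret and the time slice only, so the server's check cannot distinguish which action the code was entered for. `action_bound_code` is a hypothetical scheme written for contrast (not a standard and not any bank's implementation), and the action strings are constructed samples.

```python
import hashlib
import hmac
import struct


def _truncate(mac: bytes, digits: int) -> str:
    """Dynamic truncation from RFC 4226: pick 31 bits at an offset taken from the MAC."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the inputs are the secret and the time slice, nothing else."""
    counter = struct.pack(">Q", unix_time // step)
    return _truncate(hmac.new(secret, counter, hashlib.sha1).digest(), digits)


def action_bound_code(secret: bytes, unix_time: int, action: str,
                      step: int = 30, digits: int = 6) -> str:
    """Hypothetical contrast: the MAC also covers a description of the action."""
    msg = struct.pack(">Q", unix_time // step) + action.encode("utf-8")
    return _truncate(hmac.new(secret, msg, hashlib.sha256).digest(), digits)


def verify_totp(secret: bytes, now: int, code: str, action: str) -> bool:
    # 'action' is accepted only to show that it plays no part in the check.
    return hmac.compare_digest(totp(secret, now), code)


def verify_bound(secret: bytes, now: int, code: str, action: str) -> bool:
    # The server recomputes the code over the action it actually received.
    return hmac.compare_digest(action_bound_code(secret, now, action), code)


if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 6238 test secret
    now = 59                                  # RFC 6238 test time
    intended = "transfer 20.00 to ACCT-A"     # constructed sample
    received = "transfer 9000.00 to ACCT-B"   # constructed sample: altered in transit

    code = totp(secret, now)
    print("TOTP, intended action:", verify_totp(secret, now, code, intended))
    print("TOTP, altered action: ", verify_totp(secret, now, code, received))

    bound = action_bound_code(secret, now, intended)
    print("bound, intended action:", verify_bound(secret, now, bound, intended))
    print("bound, altered action: ", verify_bound(secret, now, bound, received))
```

The bound code only helps if the user sees the action on the device that computes the code, which is the reason such schemes need more than a generic TOTP app.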



