home.social

#hotp — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #hotp, aggregated by home.social.

  1. I'm looking for a good overview/comparison of different #MFA/#2FA or #PasswordLess authentication protocols.

    The recent #Fido2 #MitM risk made me aware that I need to learn more.

    Pointers and #BoostWelcome

    #fedipower #wisdomOfTheCrowd #FollowerPower

    As the best way to get an answer on the internet is to state something wrong, let's try this 😜

    #FIDO and FIDO2 are actually a whole set of (related?) protocols.
    FIDO includes FIDO #UAF (Universal Authentication Framework) and FIDO #U2F (Universal Second Factor).

    FIDO2 is the "successor" of FIDO and consists of two parts.
    #WebAuthn and #CTAP (Client to Authenticator Protocol). From the name I would guess that WebAuthn is for web stuff (requiring browser support) and CTAP is for IT infrastructure stuff (???)

    #Passkey is based on #Fido2
    Other related concepts or protocols are #OTP (one-time passwords), #TOTP (Time-based One-time Password) and #HOTP (“H” in HOTP stands for Hash-based Message Authentication Code (HMAC))

    Not sure how #SmartCards play into this.

    And not sure which of these methods would work for an offline authentication login into your laptop (and ideally also as key for whole disk encryption)

  6. Authenticator app? What's that? I use the terminal 🔥

    🔒 **cotp**: Trustworthy and encrypted TOTP/HOTP authenticator with a TUI.

    🚀 Supports importing (e.g. from Aegis, Authy, Google Authenticator, etc.)

    🦀 Written in Rust & built with @ratatui_rs

    ⭐ GitHub: github.com/replydev/cotp

  7. #Shaarli: GitHub - beemdevelopment/Aegis: A free, secure and open source app for Android to manage your 2-step verification tokens. - Mobile application for two-factor authentication (2FA).
    Can import tokens from other applications (root access) and automatically back up tokens. : github.com/beemdevelopment/Aeg #totp #hotp #2fa

  8. Someone at GitHub asked for websites using HOTP.

    It’s true that all public sites use TOTP; I personally have never registered on a site with 2FA based on HMAC. To me, it’s probably used by enterprises.

    Do you know such sites or services?

  9. Jan <3 @rollbrettklauen ·

    Just looked at code I implemented a year ago and cringed. I mean I grew as a developer but why did I implement a stateful version of and ?

  10. #OneTrickPony is a modern #Java library that implements support for One-Time Passwords. Built-in support is provided for the #HOTP (RFC 4226) and #TOTP (RFC 6238) algorithms. bit.ly/3YoVQ6M #Security

  11. heise+ | 2FA: Five free authenticator apps for Android compared

    All of the authenticator apps we tested can generate one-time codes. However, they offer different settings and features.

  12. @Troll Solution: #HOTP (RFC 4226), instead of #TOTP. (But it has other drawbacks; life isn't easy, my good lady.)

  13. heise+ | Keepass password manager: How to generate one-time passwords

    Keepass can generate codes for two-factor authentication, or protect its own password database with them. This turns Keepass into a password hub.

  14. #andOTP is a Free open source Two-factor authentication app for #Android - github.com/andOTP/andOTP Among its useful features are plain text or encrypted automated #backup, visual icons, QR-code scanning, minimal permissions, Android-keystore authentication and ability to import from most other #2FA apps.
    #backup #otp #totp #hotp #degoogle
    via magicfab.ca/liens/

  15. Praise the code gods, two-factor authentication on the computer is here! #OTPClient looks like a really nice program with strong encryption and password protection for #2FA right on the computer. But perhaps too convenient relative to the added security of having 2FA on another device? github.com/paolostivanin/OTPCl Imagine if #Sverige (Sweden) had a sensible open #eID where two-factor on a computer or phone was enough for identification regardless of system. #BankID #FrejaEID #TOTP #HOTP #WebAuthN