Time-based One-Time Passwords app (TOTP)
ref: brycewray
a method to manage your online security: multi-factor authentication (MFA), which is also sometimes called two-factor authentication (2FA)
OTP is a password (usually a set of digits rather than an actual word or phrase) that is valid only once.
time-based OTP is generated through an algorithm that computes a (usually) six-digit code by concatenating and scrambling the actual time in seconds and the numerical value from a “secret” or “seed.” A TOTP has a short life span, typically thirty seconds. It changes at the :00 mark and :30 mark of each minute.
Why not just let the bank (or whatever) send me an OTP via text or email?
--> The answer is that neither texting nor email is (or was designed to be) a secure method for delivering anything, much less passwords of any kind.
TOTP app on the market
- Raivo OTP
- backs up to iCloud, makes your TOTPs available on all your iOS devices
- Authy
- Cons:
- requires a phone number for setup, not ideal for privacy concerns
- Authy make it really difficult to break away from its ecosystem, to the point of sometimes not allowing individuals to delete their Authy accounts
- Pros:
- ease of cross-device syncing—on Authy’s servers—so you can access your TOTPs on your various devices and OSs
- only provider that has full-fledged desktop apps as well as mobile apps
- Cons:
- Google Authenticator
- locked box, can not share TOTPs among multiple devices
- not recommended
- Microsoft Authenticator
- considered as a one-device-per-user app, not optimized for sharing TOTPs among multiple devices
- best suited only for Microsoft-heavy workplaces
- use only if you’re in a setting that requires Microsoft Authenticator, a proprietary kind of TOTP