TOTP and Passkeys in a Password Manager… Is It a Good Idea?

Matt Kornfield
5 min read · Sep 24, 2024

The question is about trust

Photo by Florian Berger on Unsplash

Wait, I’m Lost. TOTP?

Photo by Markus Winkler on Unsplash

Time-Based One-Time Passwords. If you have never seen it before: when you enable it, a website shows you a QR code that you scan with an authenticator app on your phone (Google Authenticator, Duo, etc.). The app then has an entry for that site showing a six-digit number that changes every 30 seconds.

These magic numbers (the Time-Based One-Time Passwords, or TOTP codes) are computed from a secret key that the QR code carries (you can also type it in or paste it). The time-based part is that, given the current time plus the secret key, both your app and the server can compute the same code independently, so the server can check the code you type without anything else crossing the wire. The secret is the only thing that has to be shared, once, at enrollment.

Generally speaking, you keep the TOTP secret on a personal device like a phone, so that when you sign in you have to enter your password AND the current code from that device. Why should we do something like this?
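To make the "time plus secret" description concrete, here is an added example (my own code, not from the original post) that implements the standard algorithm: HOTP from RFC 4226 (HMAC over a counter, then dynamic truncation) and TOTP from RFC 6238 (the counter is the current Unix time divided into 30-second steps). It also pulls the base32 secret out of an otpauth:// URI, which is what the QR code actually encodes, and shows the server-side check with a small drift window. The URI, account name and issuer below are constructed for the example; the secret is the RFC test-vector key, not a real one.

```python
import base64
import hmac
import struct
import time
from typing import Optional
from urllib.parse import parse_qs, urlparse


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """HOTP (RFC 4226): HMAC the 8-byte big-endian counter, then dynamically truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: Optional[int] = None, step: int = 30,
         digits: int = 6, algorithm: str = "sha1") -> str:
    """TOTP (RFC 6238): HOTP where the counter is floor(unix_time / step)."""
    if for_time is None:
        for_time = int(time.time())
    return hotp(secret, for_time // step, digits, algorithm)


def verify_totp(secret: bytes, code: str, for_time: Optional[int] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Server-side check. Accept the current step plus `window` steps either side to
    absorb clock drift, and compare in constant time. A real server also records the
    last accepted step so the same code cannot be replayed inside the window."""
    if for_time is None:
        for_time = int(time.time())
    counter = for_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + delta, digits), code)
        for delta in range(-window, window + 1)
    )


def secret_from_otpauth(uri: str) -> bytes:
    """Extract the shared secret from an otpauth://totp/... URI (the QR code payload)."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    secret = parse_qs(parsed.query)["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)                        # many issuers omit padding
    return base64.b32decode(secret)


# Constructed enrollment URI; the secret is the RFC 4226/6238 test key "12345678901234567890".
EXAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
               "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

if __name__ == "__main__":
    key = secret_from_otpauth(EXAMPLE_URI)
    now = int(time.time())
    code = totp(key, now)
    print("current code:", code, "valid:", verify_totp(key, code, now))
```

The `window` parameter is the knob a server operator tunes: every extra step accepted widens the replay and guessing surface, so keep it at one step either side and pair it with rate limiting on failed attempts.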

A Second Factor

What this gives you is a second factor, i.e. something besides the password that an attacker would also need. Two-factor (2FA) or multi-factor (MFA) authentication is the best way to…
