undefined | Better HN

0 pointsjjnoakes7y ago0 comments

Since TOTP seeds are long-term shared-secrets which are all that is needed to complete 2FA, and rarely/never rotated unless someone knows they were compromised, even years-old database compromises (old backups, etc) means current TOTP 2FA is also probably compromised.

Which is not true of some other 2FA mechanisms (which is my point - I never thought about it before, but TOTP has a specific failure mechanism that not all 2FA mechanisms have). I still prefer TOTP to auth codes over SMS, but I wish there was something better (TOTP with seed rotation, auth codes over more secure channels, etc).

0 comments

3 comments · 1 top-level

tptacek7y ago· 2 in thread

This is pretty silly. If a TOTP secret had value outside of a single application/database, this would be worth thinking about. But they do not; they are a binding between a device and a particular application. If either the app or the device are compromised, so is the relationship, as is (most likely) all the data you were trying to protect anyways.

jjnoakesOP7y ago

Let's say a service you still use loses a database backup from 2 years ago, and they don't realize it was lost.

Scenario 1: The service stored passwords in some way and TOTP seeds in the database and uses TOTP to authenticate users.

Scenario 2: The service stored passwords in some way and uses some other 2FA mechanism (like unique codes over some secure channel)

You seem to be claiming there is no different between the two, where as I think I'd prefer scenario 2, because in scenario 1, if my password is obtained somehow (the password was not stored securely, I used a weak password, credential stuffing matched my password from other site leaks against the email in this database leak, or any other way) then the attacker can log in to my account on the service right now and bypass TOTP 2FA. In scenario 2, 2FA is still protecting my account.

tptacek7y ago

I'm saying there is no practical difference between the two, because there isn't. You can keep layering feature after feature on any part of your security model, but time and energy is finite, and complexity adds risk, and burning time, energy, and complexity on this is bad engineering.

1 more reply

j / k navigate · click thread line to collapse