I meant, "or trust Google's ability to keep their two-factor authentication keys secret (with their Authenticator app)". Though perhaps I also meant using the Google Authenticator app with your own keys ... except you'd still need to keep them somewhere, which means ideally an HSM and we're back to square one. :)
What do you mean by "their" two-factor authentication keys? There are no "their" keys.
TOTP/HOTP is an open standard and Google Authenticator is an open source app. You can audit it, or write your own. It's not even that hard to implement.