Towards a test suite for TOTP codes


Because I'm a massive nerd, I actually try to read specification documents. I've ranted ad nauseam about the current TOTP spec being irresponsibly obsolete. The three major implementations of the spec - Google, Apple, and Yubico - all subtly disagree on how it should be implemented. Every other MFA app has its own idiosyncratic variants. The official RFC is infuriatingly vague. That's no good for a security specification. Multiple implementations are great, multiple interpretations are…

Depending on security requirements, Digit = 7 or more SHOULD be considered in order to extract a longer HOTP value.

Strongly Recommended: The issuer parameter is a string value indicating the provider or service this account is associated with, URL-encoded according to RFC 3986.

If you're from Google, Apple, Yubico, or another security company - wanna help me write up a proper RFC so this doesn't cause issues in the future?
