Comments (3)
npmccallum
commented on September 2, 2024
1
Comment by npmccallum on 28 Jul 2014 18:05 UTC
This is a very bad idea from both the security perspective and from the battery drain perspective. I don't think the benefit is worth the added complexity.
from freeotp-android.
npmccallum
commented on September 2, 2024
Comment by vinaur on 28 Aug 2014 00:11 UTC
I just want to understand the security considerations here for not providing this option. The concern is that someone who already knows my password for some service is going to look over my shoulder, see a TOTP code for the service that I'm not currently interested in (since the one I'm interested in I will reveal anyway), and will be able to authenticate within 1 minute (typical 30 second timestep, plus an additional timestep typically allowed by the authentication server)? I can conceive a scenario where this could be a concern, but I can also confidently say that this would not be a concern for me (and I'm sure that's the case for a lot of other users).
I also don't understand the battery drain concern, since the TOTP generation should only happen while the app is active.
from freeotp-android.
npmccallum
commented on September 2, 2024
Modified by vinaur on 28 Aug 2014 00:17 UTC
from freeotp-android.
Related Issues (20)
- Temporary option for export keys without encryption as workaround for #283 HOT 1
- can't restore from unencrypted backup HOT 1
- "Token is invalid" error if not filling user and organisation HOT 2
- Re-enable Travis CI or migrate to another CI service? HOT 1
- Restore password? HOT 12
- Developers are needed for iOS app HOT 1
- Update Firefox logo HOT 7
- lock app / require pin on open HOT 4
- Restore password not working after system update HOT 1
- Cannot work past the first screen when starting FreeOTP for the first time HOT 5
- backup and restore issue (?) HOT 6
- Add Tutanota icon HOT 2
- [Feature-Request] Allow adding of entries by just specifying label & secret HOT 8
- Unable to restore backup with password containing a backslash HOT 1
- V2.0.2(43) android remove entry HOT 2
- Parse leading/trailing whitespace leniently HOT 2
- Import not working HOT 3
- Importing and secrets format HOT 1
- Feature: Reading QR codes from phone storage
- Delete tokens HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from freeotp-android.