Taking MFA to the next level - A new approach!

Dec 12, 2019

What is TOTP?

Those who have enabled multi-factor authentication (MFA) on their Google accounts or with any of the other major vendors are aware of the importance of having it. For others, who are not aware of what MFA is and how it works, please look into the following wiki link: TOTP Wiki Page

Traditional Approach of TOTP apps:

Most of the authenticator apps out there start providing one-time passwords as soon as you:

Why this might not be the safest approach?

There is no way to tell whether the rightful owner is scanning the QR code or entering the key, which makes it a bit vulnerable. I’m not arguing against its existence, but the mere fact is that if someone gets hold of my secret key and password, they can easily generate the OTPs and get access to my systems. Many people might say that we need to start using password generators for this purpose; I’m in fact voting in favor of them. The next thing that I’m about to share might sound silly, but it has worked well for many of my clients and users.

A small step can improve the situation a little:

The above-mentioned steps are just suggestions for those who feel the need to implement their own MFA solution and need to monitor or track access usage safely.

Tags: elixir, phoenix, mfa, one-time-password, totp