This was pretty plausibly "something you had" even though it was based on a secret number embedded in silicon.
The secret key was stored in the dongle's flash memory, and the device was shipped with it installed. How did this come to pass? In the old days, there was a physical dongle made by RSA that generated pseudorandom numbers in hardware. And in the event that the TOTP-key database gets compromised, the bad hackers will know everyone's TOTP keys. To fake an app-based 2FA query, someone has to know your TOTP password.
Two-factor authentication "protects from an attacker listening in right now," writes Slashdot reader szczys, "but in many case a database breach will negate the protections of two-factor." Hackaday reports:
0 kommentar(er)
