
TOTP is pretty standard. Give the user backup codes and just use normal recovery methods. For most things that might be email. For a bank it's probably identity verification.


The vast majority of Vietnamese I know do not have an email account.

So that would be a dumb thing for a Vietnamese bank to use as a recovery method.


Email shouldn't be recovery for a bank anywhere; you go to the bank for that. But TOTP is so user-hostile that I can see it causing too many recovery requests for the bank.



