• Natanael@slrpnk.net
    1 year ago

    Passkey plus TOTP doesn’t really make sense (they’re both client side cryptographic keys, you don’t need two protocols). At least use a PAKE algorithm with a PIN instead if you want the server to be able to check the user’s knowledge of a secret without sending it in a readable form.
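
Added example, not part of the comment above: a sketch of one PAKE, SRP-6a, showing a server checking a PIN from a stored verifier while only `A`, `salt`, `B` and a key proof cross the wire. The comment names no specific PAKE; the choice of SRP-6a, the demo modulus, and all function and variable names are assumptions made for illustration.

```python
import hashlib
import secrets

# Demo parameters (assumption): 2**521 - 1 is prime but NOT a safe prime.
# Real deployments use a standardized group such as those in RFC 5054.
N = 2**521 - 1
g = 3

def H(*parts) -> int:
    """Hash ints/bytes into one integer, length-prefixing each part."""
    h = hashlib.sha256()
    for p in parts:
        b = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big") if isinstance(p, int) else p
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def enroll(user: str, pin: str):
    """Client-side enrollment: the server stores (salt, verifier), never the PIN."""
    salt = secrets.token_bytes(16)
    x = H(salt, f"{user}:{pin}".encode())
    return salt, pow(g, x, N)

def login(user: str, pin: str, salt: bytes, v: int) -> dict:
    """Run one SRP-6a exchange; return what crossed the wire and the outcome."""
    # Client -> server: user, A
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    # Server -> client: salt, B (B is blinded by the verifier)
    b = secrets.randbelow(N - 2) + 1
    B = (k * v + pow(g, b, N)) % N
    if A % N == 0 or B % N == 0:
        raise ValueError("illegal public value")
    u = H(A, B)
    # Client derives the shared secret from the PIN the user typed
    x = H(salt, f"{user}:{pin}".encode())
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    M1 = H(A, B, S_client)  # client -> server: proof it holds the same secret
    # Server derives the shared secret from the stored verifier only
    S_server = pow(A * pow(v, u, N) % N, b, N)
    expected = H(A, B, S_server)
    ok = secrets.compare_digest(M1.to_bytes(32, "big"), expected.to_bytes(32, "big"))
    return {"wire": [user, A, salt, B, M1], "accepted": ok}
```

Because a PIN has little entropy, the stored verifier still allows offline guessing if the server database leaks, so it needs the same protection as a password hash.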