Konubinix' opinionated web of thoughts

Getting 2FA Right in 2019

Fleeting

Getting 2FA Right in 2019

fact that TOTP is not as good as a hardware key is not an excuse to continue allowing either SMS or voice codes

https://blog.trailofbits.com/2019/06/20/getting-2fa-right-in-2019/

TOTP and WebAuthn are both solid choices for adding 2FA to your service

https://blog.trailofbits.com/2019/06/20/getting-2fa-right-in-2019/

TOTP is free, WebAuthn (mostly, currently) is not

https://blog.trailofbits.com/2019/06/20/getting-2fa-right-in-2019/