We used to use the pushToken as a 2fa for mobile. We converted it into a TOTP to compare against server side.

Question

We used to use the pushToken as a 2fa for mobile. We converted it into a TOTP to compare against server side. It worked, but probably not the most secure. Need a new version of this.

shyam · Accepted Answer

We used to use the pushToken as a 2fa for mobile. We converted it into a TOTP to compare against server side. It worked, but probably not the most secure. Need a new version of this.

- Fix the old implementation or make a new one using a different more secure key
  - Once fixed let the user know their 2fa was auto approved from mobile when they login

forgot password and 2fa update

Activity