
It's called two-step verification. Prevents someone from “guessing” the password but doesn’t stop someone who has physical access to the device with the password stored. Same as with e-mail or SMS codes, basically. I don’t think I recall any websites that detect I am using my phone and rely on a true “second factor” aside from enterprise applications where I got a hardware YubiKey.



It is called 2-factor or multi-factor authentication. It should be something you know (password) and something you have (device). Storing TOTP with your password defeats the entire point of it.



