It’s really two step auth. Basically the point is that it defeats password spray attacks.
Higher assurance authenticators need more than TOTP. Usually that means adding a knowledge component (ie pin), challenge/response, a physical token, biometric or all of the above.
Higher assurance authenticators need more than TOTP. Usually that means adding a knowledge component (ie pin), challenge/response, a physical token, biometric or all of the above.