@eapl.me@eapl.me Yeah it’s an interesting idea for sure. I mean you’re basically trying to eliminate the need for passwords as such right? 🤔
yep, it’s not a passwordless solution as a TOTP is a dynamic password, but the idea is to reduce keyloggers and phishing impact a bit by not using the same passwords forever. If you already have 2FA, you reduce a step. It’s experimental, and not recommended for current security standards, although it could work for geeks.
More like an indie proposal between passwords and Webauthn without Auth services in the middle (like AWS, Azure, Auth0 and so on)
For example, a proposal from Microsoft I found recently: