Reply to post: Re: Oh my God!

FIDO Alliance says it has finally killed the password

Anonymous Coward

Re: Oh my God!

TOTP may well be better than SMS, which isn't saying much. However, it is still vulnerable to an infinite array of common attacks. The key problem (yuk yuk) is the storage of the token used to generate the OTPs. If confidentiality of the token is compromised, so are all future OTPs. In other words, the token has exactly the same security attributes as a password you put in a text file on your phone. Or, if you are using an open-source implementation like totp-cli or any of the others, a text file on your desktop, laptop, etc. If the user software is malicious or the OS fails to protect the token storage on its behalf, the game is over. It is of course also possible for this shared secret to be compromised on the other side, something over which the user has no control whatsoever.

Like all "2FA" implementations in common use today, TOTP is just another password -- only unlike a password I can't store the token exclusively offline to protect it from software, firmware, and hardware defects, to say nothing of malicious actors looking for ways to automate access to such keying material. The attacks against SMS and TOTP are quite different in nature, making them a somewhat reasonable pairing. The attacks against passwords are different still, especially if one avoids storing the password on digital media. We could do a lot worse than requiring all three together, but only if all three were always required. In practice, the need for recovery paths always makes it possible to gain unauthorised access with fewer factors than are supposedly employed... almost always zero.
