![]() ![]() I'm not sure how the crypto works, but if I use Symantec VIP Access for both SiteA and SiteB, doesn't this effectively give SiteA TOTP tokens that it can use to impersonate me on SiteB? Also, Symantec doesn't support any way to backup its secret - their documented work-around for a lost, broken, or replaced smartphone is to contact technical support at for each system with which I've registered my "credential ID". This software seems to generate a single secret, then I register the "credential ID" with other systems to allow them to recognize my TOTP stream. ![]() However, I've encountered a few systems that support only Symantec's "VIP Access" program. This system allows me to have separate TOTP streams for each site and allows me to backup my seeds (by printing the QR codes used to set them up). I'm most accustomed to using Google Authenticator / FreeOTP for my 2FA needs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |