From 3810c7e28e5f8b178db7bb91746555922ef9d6ac Mon Sep 17 00:00:00 2001 From: mfwmyfacewhen <94880365+mfwmyfacewhen@users.noreply.github.com> Date: Fri, 13 May 2022 13:28:28 -0500 Subject: [PATCH] Fix typo in MFA guide (#1218) --- docs/security/multi-factor-authentication.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/security/multi-factor-authentication.en.md b/docs/security/multi-factor-authentication.en.md index 982b4aae..4867be6f 100644 --- a/docs/security/multi-factor-authentication.en.md +++ b/docs/security/multi-factor-authentication.en.md @@ -24,7 +24,7 @@ The security of push notification MFA is dependent on both the quality of the ap ### Time-based One-time Password (TOTP) -TOTP is one of the most commons form of MFA available. When you set up TOTP you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password. +TOTP is one of the most common forms of MFA available. When you set up TOTP you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password. The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret an adversary cannot generate new codes.