Badness Enumeration

Tommy 2022-07-27 09:37:53 -04:00 committed by GitHub
parent c4974c7ac2
commit ddc0451884
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
29 changed files with 57 additions and 21 deletions

@ -43,7 +43,7 @@ When logging into a website, all you need to do is to physically touch the secur
The service will then forward the one-time password to the Yubico OTP server for validation. A counter is incremented both on the key and Yubico's validation server. The OTP can only be used once, and when a successful authentication occurs, the counter is increased which prevents reuse of the OTP. Yubico provides a [detailed document](https://developers.yubico.com/OTP/OTPs_Explained.html) about the process.
![Yubico OTP](/yubico-otp.png)
![Yubico OTP](/images/yubico-otp.png)
The Yubico validation server is a cloud based service, and you're placing trust in Yubico that their server won't be used to bypass your MFA or profile you. The public ID associated with Yubico OTP is reused on every website and could be another avenue for third-parties to profile you. Like TOTP, Yubico OTP does not provide phishing resistance.
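Review bot: The image reference on the `![Yubico OTP]` line now points at `/images/yubico-otp.png`, but nothing visible in this hunk shows the asset itself being moved, so please confirm the file exists at the new path in this commit and that no other page still links `/yubico-otp.png`. The commit subject "Badness Enumeration" does not mention this path change; a line in the commit body noting the image relocation would make the 29-file change easier to audit. While this line is being touched, the alt text could describe what the diagram shows (the OTP validation flow the preceding paragraph explains) instead of repeating the product name.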