Slide 21
@jacobian
Soft tokens
Risks
Can be compromised by device malware.
Typically based around a shared secret, which can be silently stolen.
Time-based tokens are vulnerable to theft, brute-forcing, and re-use.
Delivery is usually to the same device being used.
UX
re-uses devices users already have
relatively familiar (to experienced users, at least)
enrollment can be confusing (TOTP)
time skew on devices can make implementation difficult
Cost
Free to users.
Provider costs range from free (e.g. TOTP) to several $/user.