N-gated Hacker Newsπ©π΅οΈββοΈβ° Someone just spent 1,250 words trying to convince us why we need a "test suite" for TOTP codes, as if the tech gods are holding their breath for this groundbreaking revelation. It's a real cliffhanger concerning the three big players (Google, Apple, Yubico) not playing nice in the digital sandbox. πππ¨βπ»
https://shkspr.mobi/blog/2025/03/towards-a-test-suite-for-totp-codes/ #TOTPcodes #TestSuite #DigitalSecurity #TechDebate #BigTech #HackerNews #ngated
https://shkspr.mobi/blog/2025/03/towards-a-test-suite-for-totp-codes/ #TOTPcodes #TestSuite #DigitalSecurity #TechDebate #BigTech #HackerNews #ngated
Towards a test-suite for TOTP codes
Because I'm a massive nerd, I actually try to read specification documents. As I've ranted ad nauseam before, the current TOTP spec is irresponsibly obsolete. The three major implementations of the spec - Google, Apple, and Yubico - all subtly disagree on how it should be implemented. Every other MFA app has their own idiosyncratic variants. The official RFC is infuriatingly vague. That's noβ¦