mTOTP: A Manual Human-Computable Alternative to TOTP Authentication
By brna-2
Summary
mTOTP is an experimental, manual variant of Time-based One-Time Password (TOTP) authentication designed to be computed by humans without electronic devices. The protocol explores the limits of time-based authentication under strict human constraints, intentionally allowing OTPs to be calculated for future times as a requirement rather than a limitation. It's designed for a specific type of user who doesn't carry 2FA devices but becomes the 2FA themselves through manual computation.
Key quotes
It takes a special kind of geek to not carry a 2FA device. One who becomes the 2FA.
mTOTP is an experimental, manual variant of TOTP designed to be computed by a human without electronic devices.
It explores the limits of time-based authentication under strict human constraints and makes no claims of cryptographic equivalence to standard TOTP.
This protocol intentionally allows OTPs to be calculated for future times.
Rather than treating this as a limitation, it makes it a requirement: the user must know
