Q: Regarding my previous question, do you need to use the device in combination with a username and password? If so, then that obviously answers the question - but from what I've read, it's not clear to me that that is the case. I thought you could maybe use the device by itself as the only authentication factor; however, that doesn't make much sense since the data is encrypted symmetrically.
A: If you don't want to automatically send the public ID prefix, you can use a user-supplied identification, such as a username or so. In such a case, only the OTP part is sent (32 characters = 128 bits). If you want a two-factor login, then you also request the user to supply a PIN or password. That can be used as a static part to be verified by the server together with the dynamic OTP.
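
The two submission modes described in the answer, as an added server-side parsing example that is not part of the original post. It assumes the token is modhex-encoded with a public ID prefix of at most 16 characters; the function names and sample values are hypothetical, and decrypting the 128-bit block with the device's symmetric key is not shown.

```python
MODHEX = "cbdefghijklnrtuv"   # modhex character i encodes the hex nibble i
OTP_LEN = 32                  # 32 modhex characters = 16 bytes = 128 bits
MAX_PREFIX_LEN = 16           # assumed upper bound for the public ID prefix

def modhex_decode(s):
    """Decode a modhex string to bytes; raise ValueError on malformed input."""
    if len(s) % 2:
        raise ValueError("odd-length modhex string")
    try:
        nibbles = [MODHEX.index(c) for c in s.lower()]
    except ValueError:
        raise ValueError("non-modhex character in token") from None
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))

def split_token(token, username=None):
    """Split a submitted token into the identification and the OTP block.

    The last 32 characters are always the dynamic OTP. Anything in front of
    them is the public ID prefix. With no prefix, the caller must pass a
    user-supplied identification, because the server otherwise cannot tell
    which device's symmetric key to decrypt the block with.
    """
    token = token.strip()
    if not OTP_LEN <= len(token) <= OTP_LEN + MAX_PREFIX_LEN:
        raise ValueError("unexpected token length")
    prefix, otp = token[:-OTP_LEN], token[-OTP_LEN:]
    if any(c not in MODHEX for c in prefix.lower()):
        raise ValueError("non-modhex character in public ID prefix")
    if not prefix and not username:
        raise ValueError("no public ID prefix and no username: key lookup impossible")
    return {
        "public_id": prefix.lower() or None,
        "username": username,
        "otp_block": modhex_decode(otp),   # still encrypted at this point
    }

# Constructed sample values, not output from a real device.
SAMPLE_PREFIX = "vvcccccbdefg"
SAMPLE_OTP = "cbdefghijklnrtuv" * 2

if __name__ == "__main__":
    print(split_token(SAMPLE_PREFIX + SAMPLE_OTP))
    print(split_token(SAMPLE_OTP, username="alice"))
```

For the two-factor login the answer mentions, the PIN or password would be checked separately from the decrypted OTP block, and both checks must pass.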