drewdevault.com

[mirror] blog and personal website of Drew DeVault
git clone https://hacktivis.me/git/mirror/drewdevault.com.git
commit: b3653a1363ceeb5720c0cdc6d18a158c6518b344
parent 31396fcdede90298bf509d4bec80f9321214496f
Author: Drew DeVault <sir@cmpwn.com>
Date:   Wed, 19 Oct 2022 09:47:09 +0200

Update TOTP

Diffstat:

M content/blog/TOTP-is-easy.md | 6 ++++++
1 file changed, 6 insertions(+), 0 deletions(-)

diff --git a/content/blog/TOTP-is-easy.md b/content/blog/TOTP-is-easy.md @@ -99,3 +99,9 @@ don't have to store temporary SMS codes in the database, you don't have to worry about phishing, you don't have to worry about SIM swapping, and you don't have to sign up for some paid SMS API like Twilio. It's more secure and it's trivial to implement &mdash; so implement it already! Please! + +--- + +**Update 2022-10-19 @ 07:45 UTC**: A reader pointed out that it's important to +have rate limiting on your TOTP attempts, or else a brute force attack can be +effective. Fair point!
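
Review bot: The added update paragraph names rate limiting as important but ends at "Fair point!" without saying what to limit, and it sits below the closing "so implement it already! Please!", where a reader who stops at the call to action will miss it. Suggest adding one sentence of concrete guidance (for example, count failed code attempts per account rather than per client address, and delay or lock after a small number of failures), and putting the caveat, or a pointer to it, next to the text that calls TOTP "trivial to implement" so the two are read together.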