Comment on Mandatory TOTP for illiquid risky contracts

Digen commented on 10 Jun 2020, 01:03 PM

The TOTP replaces the PIN. The problem with the PIN is that it is fixed, like a password. You may only change it once in a while, every 3 or 6 months etc.

If a scammer gets hold of your ID, password and PIN, he can use them to log in and place trades in your account. If he were to get your TOTP in the above manner, it would make no difference since it changes every 30 seconds and he would not be able to log in with your old TOTP. This makes your account far more secure.
