Benefits of WebAuthn VS TOTP (outside of MITM and Phishing attacks)

The benefits to using a hardware key setup with WebAuthn are very clear and immediate when it comes to preventing Man-In-The-Middle and phishing attacks.

However, outside of these two attack vectors, are there any other benefits to using a hardware key or is, for example, using Bitwarden Authenticator equally as secure as a YubiKey in this situation?

Not even close.

TOTP is sometimes sold as MFA, but, strictly speaking, it is not a second factor. That’s why it is often referred to as 2SV (2 Step Verification).

Strictly speaking, TOTP is also something you know (the seed used to generate the codes).

A physical FIDO key truly is another factor (something you have).

1 Like
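The point about the seed, as an added example that is not part of the original posts: a minimal RFC 6238 TOTP in Python showing that the code is a pure function of the shared seed and the clock, so any copy of the seed passes verification. The seed is the RFC 6238 test value; the `verify` helper and its drift window are assumptions for illustration.

```python
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test seed (SHA-1), used here as sample data.
RFC_SEED = b"12345678901234567890"


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the current time-step counter."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(server_seed: bytes, submitted: str, unix_time: int,
           step: int = 30, window: int = 1) -> bool:
    """Hypothetical server-side check allowing +/- `window` steps of drift.

    The server recomputes the code from its own stored copy of the seed,
    so the secret is symmetric: it lives on the server as well as the client.
    """
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(server_seed, unix_time + drift * step, step)
        ok |= hmac.compare_digest(expected, submitted)
    return ok


def seed_copy_is_indistinguishable(unix_time: int = 59) -> bool:
    """An enrolled app and any other holder of the seed yield the same code."""
    enrolled_app = totp(RFC_SEED, unix_time)
    copied_seed = bytes(RFC_SEED)                # e.g. restored from a backup or vault export
    other_holder = totp(copied_seed, unix_time)
    return enrolled_app == other_holder and verify(RFC_SEED, other_holder, unix_time)


if __name__ == "__main__":
    print("code at t=59:", totp(RFC_SEED, 59))
    print("copy accepted:", seed_copy_is_indistinguishable())
```

Nothing in the verification ties the code to a particular device, which is why the seed behaves like a second password; a FIDO authenticator instead signs the challenge with a private key that stays on the hardware.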