{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreidzryjzlkgymplsvv7koklnfibqi4zozfguxzjfbvu7uyvvvvvbv4",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mlrg6y2skj22"
},
"path": "/t/totp-apps-vs-windows-hello-passkeys-for-2fa/37842#post_14",
"publishedAt": "2026-05-13T21:21:52.000Z",
"site": "https://discuss.privacyguides.net",
"textContent": "> I don’t follow the advice myself. TOTP is so insecure anyway I don’t feel the extra inconvenience and potential for locking yourself out of your accounts is honestly worth it.\n>\n> by insecure I mean TOTP can very easily be phished, and the only thing protecting you is a 30 second timer. Phishing is very automated these days, so attackers will be able to put the code in before it expires.\n\nI’ve been trying to separate that same theoretical risk from the realistic one. Live phishing is possible, but if someone is careful, keeps logins bookmarked, and pays attention before signing in, have tinfoil about man in the middle, it seems like an astronomically low probability scenario.\n\nThe bigger concern feels like session hijacking. At that point, nothing matters anymore anyway. Which seems like the more dangerous threat for someone with strong habits. I’m sure some will disagree, but if you’re extremely cautious, I don’t find this to be that big of an issue.",
"title": "TOTP Apps vs Windows Hello Passkeys for 2FA"
}