Why do TOTP two-factor authenticators use shared keys?
From what I understand, mobile phone-based two-factor authenticators like Google Authenticator implement TOTP, which uses a shared secret key between the phone and the authenticating server.
Why did they decide to use a single shared secret key when they could have used a public/private key pair? The phone would store the private key and can sign an incrementing counter/timestamp and the authenticating server could verify the signature with the public key. It seems more secure since a breach in the authenticating server wouldn't be able to compromise the user's secret key. Are there any advantages that a shared secret key provides?