13Oca
Digital Signatures as an Alternative to TOTP Backup Codes
It seems pretty common for websites to issue a bunch of backup codes for MFA that the user saves somewhere.
Instead, why don't they provide the user with the private key for a digital signature and store the public key? Wouldn't the randomness for a digital signature be far more superior than 5x 6 digit codes?
