If you are looking to get an understanding of the various approaches to user authentication, how they rank up, and what libraries to use to implement it in ASP.NET Core, then check out my new Pluralsight course: “ASP.NET Authentication – The Big Picture”.
I have designed this course so that you can either watch it end to end or pick the parts that matter to you; with the aim to give you both a pragmatic overview of modern authentication, along with a practitioner’s recommendation of useful libraries with which to implement them.Read more
Software tokens, such as those you use in software token apps such as Google Authenticator and Authy, have been getting a bit of flack recently thanks to the growing adoption of FIDO2 and WebAuthn. Software tokens (aka soft tokens) still have their benefits and are easily one of the most widely adopted second factors used alongside passwords; however, I think a lot of us are using them for the wrong reasons. Not only are soft tokens phishable, but in the event of a breach, soft tokens won’t save you.
In this article, I’m going to look how a typical TOTP software token implementation works, and then pick apart their advantages and disadvantages.