Hi all
Using quite default Privacyidea setup and testing it out. I have configured TOTP token and trying to add it to my phone and only Microsoft Authenticator and privacyidea.authenticator are able to add new account if other than SHA1 is being used.
Same happened with multiple accounts and on Android and iOS as well. Is this expected behaviour?
Long answer: Many authenticator apps suck.
Short answer: Yes.
1 Like
Really wonder when Microsoft Auth learned sha256. The last time i tried it failed.
But for TOTP I don’t think sha256 adds much security compared to sha1.
1 Like
With H/TOTP sha256 never adds any security.