OTP Code - Additional security
Jason T.
We love the idea of having the OTP codes in Hudu, but hate the idea that if one system is compromised, then both factors are given to the attacker. It would be great if we could require an MFA push notification (I realize I'm assuming everyone has Azure SSO with push notifications enabled) when trying to access the OTP (or even the password) to protect against this.
Luke P.
I was just coming here to make this wish. I agree, that's my biggest hang-up with putting OTP & U/P together in the same system... One small breach away from bankruptcy. Even having some kind of "passphrase" that encrypted the OTP codes, that was the same across the entire system, would be good enough for me. OTP would be encrypted at that point, and inaccessible without some further authentication measure.
William H.
The same can be said about having any password manager accessible from a mobile, in case the mobile is stolen.
It's a horrible situation, but, I personally would like to see a native app/protected by whatever the OS' protection is (FaceID/similar) and have the OTP only visible there, or, through push (DUO style).
... I know that this will be WELL in the future though, or not at all!
(Obviously, still not protecting against the Hudu box itself being compromised, but, you have to draw the line somewhere and I would hope the app itself is secure!)