Hi PCFreak, hi Kris,
thanks a lot for this good point.
Choosing between TOTP and HOTP is always also a kind of a matter of...
...beliefs.
If the secret key gets compromised, you have a problem.
Many people say you already have a problem when using HOTP.
In the past I saw users who were handed an HOTP hardware token.
As these users were lazy but clever, they pressed the button a hundred
times, and wrote down all the OTP values.
They generated a "TAN list". They could use this sheet of paper to login
with these OTPs, which they crossed off the list.
Such things cannot happen with TOTP.
You are right that - if the seed is compromised or copied on purpose -
there can be 2, 3 or a thousand copies of the token, without anyone realizing
it. So it is harder to tell if you are compromised.
In addition, the user himself could scan the QR code twice. Or have his
friends and colleagues scan the QR code. In some scenarios this is a
problem: when IT knows that the users already gave their passwords to
their co-workers, they probably will also give the TOTP seed to their
co-workers. In this case HOTP would be a better choice.
Anyway, if I were the attacker and got hold of the HOTP seed, and my
latest OTP did not work, I would be smart enough to try
HOTP(current_counter + 10)
HOTP(current_counter + 20)
HOTP(current_counter + 40)
HOTP(current_counter + 80)
And I will get a hit...
Nevertheless, the original user will realize that his next OTP value
will not work - since I used it.
The question is whether the original user is smart enough to think of the
possibility that his token is compromised.
It is hard to tell. I personally prefer HOTP tokens, since I experience
them to be more robust.
Thanks a lot for your input and for bringing up this topic.
Cornelius
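The behaviour described in the message above (a server-side look-ahead window, a consumed counter that cannot be replayed, and the legitimate owner's next OTP failing after a second copy of the seed has been used) as an added example; this is not code from the original post or from any product Cornelius works on. It implements HOTP per RFC 4226 (HMAC-SHA1, dynamic truncation) and a small verifier class; the class name `HotpVerifier`, the window size of 10 and the scenario in `demo()` are constructed for illustration. The secret is the RFC 4226 test-vector key, so the first codes can be checked against the RFC.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class HotpVerifier:
    """Server side of HOTP (constructed helper, not a library API).

    Keeps the next expected counter and accepts any OTP whose counter lies in
    [counter, counter + window]; on success every counter up to and including
    the matched one is consumed, so it can never be replayed.
    """

    def __init__(self, secret: bytes, window: int = 10):
        self.secret = secret
        self.counter = 0          # next counter value the server expects
        self.window = window      # how far ahead a user may have pressed the button

    def verify(self, otp: str) -> bool:
        for c in range(self.counter, self.counter + self.window + 1):
            # constant-time comparison so the digits do not leak through timing
            if hmac.compare_digest(hotp(self.secret, c), otp):
                self.counter = c + 1   # consume this counter and all earlier ones
                return True
        return False


def demo() -> dict:
    """Walk through the scenario from the mailing-list post with a constructed seed."""
    secret = b"12345678901234567890"   # RFC 4226 test-vector key (constructed scenario)
    server = HotpVerifier(secret, window=10)
    owner_counter = 0                  # counter inside the legitimate user's token

    # 1. Owner logs in normally with counter 0; the server moves on to 1.
    first_login = server.verify(hotp(secret, owner_counter))
    owner_counter += 1

    # 2. The same OTP again (a "TAN list" entry that was already used): rejected.
    replay = server.verify(hotp(secret, 0))

    # 3. A second copy of the seed is a few presses ahead (counter 5, inside the
    #    window): accepted, and the server's expected counter jumps to 6.
    second_copy = server.verify(hotp(secret, 5))

    # 4. The owner's token is still at counter 1, so his next OTP now fails.
    #    That failure is the only signal he gets that another copy exists.
    owner_next = server.verify(hotp(secret, owner_counter))

    # 5. A fresh verifier rejects a counter beyond its window (11 > 0 + 10).
    beyond_window = HotpVerifier(secret, window=10).verify(hotp(secret, 11))

    return {
        "first_login": first_login,
        "replay": replay,
        "second_copy": second_copy,
        "owner_next": owner_next,
        "beyond_window": beyond_window,
        "server_counter": server.counter,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The window is what makes HOTP usable with a hardware button (the user may press it without logging in) and also what lets a second copy of the seed be accepted as long as it stays within that window; a server that logs the size of the counter jump on each successful login has a cheap indicator for both behaviours.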