Hi, I was just skimming through 1Password's security white paper, and it says on page 51 that "TOTP secrets" is one of the things that's subject to disclosure in the event of a breach as it's stored in cleartext. Does "TOTP secrets" refer to the shared secret used in TOTP, or something else?
I thought it referred to the "information for performing TOTP functions which are as-yet unimplemented" (which I don't really understand) as it says in the paragraphs before it, where it describes all the tables that store plaintext information, but then why does it list "TOTP secrets" later on? How is this information intended to be used, exactly?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Are TOTP secrets stored in plaintext?