OATH-HOTP

Hi @avendano,

I honestly don't know I'm afraid. TOTP as 1Password supports I find conceptually easy to understand. There's the shared secret and using that and the current time both devices can generate a temporary code to prove both know the secret without explicitly sharing it and all of that works without worrying about the client even being connected to the internet. As best I can tell HOTP uses a counter which increments each time you use it and I don't know if HOTP is how Duo Push (which requires an account and active internet connection) works or if they're completely separate. It could end up being a technical limitation but it will take somebody much better than I to say. Certainly there are some propriety authentication protocols so I'm unsure how extensive 2FA support could be made whilst the market is somewhat splintered.

For those wishing to at least replace the Microsoft Authenticator app, whilst Microsoft do promote it over other options, it is possible to say you wish to use a third party app which allows for a QR code for TOTP as used by the Google Authenticator app and 1Password. That only helps in that one specific case though.

ref: xplatform/security#22