I am questioning the safety of a TOTP device on USB.
First, I need a computer or, most of the time, a smartphone, to scan the QR code, which means I have to use an insecure device to get my code, and more importantly, to scan the QR code for the first time.
Second, using the computer and the USB port is not always possible, and using the same device to enter the password and get the code is not as secure, IMHO, as when using a second independent offline device.
Some manufacturers are offering a completely offline device, with an integrated camera, to store TOTP codes, without anything to plug into a phone or the computer. In my opinion, this is the safest way to use TOTP.
Is your company going to provide such a device?
I don’t know if Nitrokey has any plans to design and produce a device with a totally new hardware feature like a camera. I assume they would approach it if a major customer contracts to buy big quantities of it, because the usage you describe is proprietary - not an obligatory part of the standard defining TOTP. Imagine how many features an offline device with a camera could support, basically none apart from 2nd factor methods like TOTP. No gpg, fido2, etc.
You are certainly right that USB is an inherently insecure interface.
However, for TOTP we have to distinguish between the setup and daily usage: For setup, a QR code you refer to is only a visual presentation of the TOTP secret and the site should provide the secret itself, which you need to type/copy-paste to set up the TOTP on the Nitrokey. This means you don’t have to scan/store/copy/transmit the QR code. You could do the TOTP setup with the key plugged into a separate PC, like you could use a separate (to the one you use to connect with) smartphone to scan it.
The security of the TOTP secret relies on it being stored securely on the key, i.e. you cannot extract it when the Nitrokey is plugged into USB. This implies if you then use it on your primary PC, the secret is still protected.
Yes you can store both, a site password and 2nd factor TOTP code, on a Nitrokey and both would be protected by the same PIN you use. However, you don’t have to use the (same) Nitrokey for both either. (Once you start to use a Nitrokey for serious purposes, you probably need a backup Nitrokey anyway.)
So, I get where your reservations come from, but there are workarounds if the risk profile of your anticipated usage does not forbid using USB devices at all.
Although many services still utilize TOTP, U2F was initially introduced as a second factor that eliminates the need for copying a shared secret. Right now, TOTP is mostly provided for compatibility reasons. A lot of technical folks like it because it can be backed up.
Protocols constantly evolve. U2F has been developed further to become FIDO2, and with the industry shifting towards Passkeys, the concept of a second factor is becoming less relevant.
… Well, is there a first-gen UTF token that was not compromised? IMHO the UTF problem basically was the hardware being broken before it was adopted/supported by industry sectors widely, similar but to a wider extent than TPM 1.2 chips.
If I scroll through the finance and banking categories of https://dongleauth.com, the absolute majority indeed appears to support 2nd factor (T)OTP, and the few exceptions in the FIDO2 column will likely not support UTF. These are sectors that require strongest authentication (even for consumers, if only for compliance regulations) and stable standards for processes (HBCI?).
Also, it is finance sectors that deploy offline OTP generators (e.g. PhotoTAN), which @arodier74 basically enquires about. The transactional (TAN) feature these enable is something I don’t see anywhere in WebAuthn/FIDO2. So, an offline camera-device for (T)OTP may sound niche, but if it implements open standards it could indeed be very useful for a lot of use cases other than regular 2FA TOTP.