andry08
commented
2 years ago Yes, most of them are probably using the same standard TOTP algorithm and hiding the seed from the user. This article (in italian) lists a couple of providers and their methods (but he didn't analyze Sielte).
This is a very interesting project. To your knowledge, is there any way that this kind of principle could be applied to the other SPID providers ? I'm interested in seeing if it could work with Sielte ID. Let me know if you'd be available to give it a try.
Thank you