Originally Posted by
jsloan
A OTP built into the app you're currently using is… kind of pointless.
Is it, though?
What's the difference, realistically, from having an OTP token in, say, Google's authenticator app, and the generator built into the United app? It'd still do the over-the-wire authentication, which is the important part.
What's the security advantage of flipping back and forth between the authenticator app and the United app at login?
Now --- in theory, SHOULD you be using an OTP token on the same physical device you're authenticating? Not really, no. But that's - in practicality - what happens.
So what's the advantage?