I used totp first time yesterday on GitHub and I don't understand it's point. I had to install otpclient app (from Ubuntu repository) where I typed 4 strings and it spit out one number which I typed back to GitHub. Attacker could do this as well, so the only thing totp does is to prove I can read and write. What am I missing here?
replies(5):