eli5: How do physical password tokens work? (How does the software know what the password will be?)


3 Answers

Anonymous 0 Comments

Generally they’re based on the same tech as the Google Authenticator app and similar authenticator apps, only with the QR code pre-scanned from the factory. The current time, combined with a secret piece of text only the manufacturer and your token have, will produce a number. Both the server and the token will calculate the same number because it’s just math – same numbers in, same numbers out. Times are rounded to the nearest ~30 seconds so that the password stays on screen that long.

The difference is these tokens don’t have as accurate clocks or an internet connection to re-synchronize the clock and may drift a little bit. The server will usually accept a minute or two of drift in either direction to account for that, and note how far off the token has gotten with each use.

There’s also a variant that requires you to push a button and shows you your password. Again, it’s much the same but rather than rotating passwords every 30 seconds, it rotates on button press. In case of accidental button presses advancing the sequence, the server accepts passwords that are slightly in the future.
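The math the answer describes, written out as an added example (not part of the original post): the time-based scheme is RFC 6238 TOTP, the button-press scheme is RFC 4226 HOTP, and TOTP is just HOTP with the counter set to the current 30-second slot. The secret below is the RFC 4226 test-vector secret, so the codes can be checked against the RFC tables; the skew window of two steps for TOTP and the look-ahead of ten presses for HOTP are assumed server policy, not values from the post.

```python
import hashlib
import hmac
import struct
import time

# Shared secret. On a real token this is burned in at the factory and a copy
# is loaded into the server's database. Here it is the RFC 4226 test-vector
# secret ("12345678901234567890") so the outputs can be checked against the RFC.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    'dynamic truncation' picks 4 bytes at an offset given by the last nibble."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter = floor(time / step).
    Same secret and same time slot on both sides -> same code."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int,
                skew_steps: int = 2, step: int = 30, digits: int = 6):
    """Server side of the time-based token. Accepts a code from any slot within
    +/- skew_steps of the server's slot to tolerate clock drift, and returns
    (accepted, drift_in_steps) so the server can record how far off the token is.
    skew_steps=2 (one minute either way) is an assumed policy value."""
    base = unix_time // step
    for drift in range(-skew_steps, skew_steps + 1):
        expected = hotp(secret, base + drift, digits)
        if hmac.compare_digest(expected, code):   # constant-time compare
            return True, drift
    return False, None


def verify_hotp(secret: bytes, code: str, stored_counter: int,
                look_ahead: int = 10, digits: int = 6):
    """Server side of the button-press token. Accepts codes up to look_ahead
    presses ahead of the stored counter (accidental presses), never behind it
    (replay). Returns (accepted, new_counter_to_store); the stored counter
    jumps past the matching one so the same code cannot be reused."""
    for c in range(stored_counter, stored_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return True, c + 1
    return False, stored_counter


if __name__ == "__main__":
    now = int(time.time())
    print("token shows:", totp(SECRET, now))
    # A token whose clock runs 45 s slow still gets in, and the server learns the drift.
    print("server check:", verify_totp(SECRET, totp(SECRET, now - 45), now))
    # Button-press token: user pressed the button twice without logging in.
    print("hotp check:", verify_hotp(SECRET, hotp(SECRET, 2), stored_counter=0))
```

The two verify functions show the server-side half the post alludes to: the TOTP window is symmetric (drift can go either way), while the HOTP window only looks forward, because accepting an older counter would let an observed code be replayed.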
