To expound, I access a website that has a 2FA that asks me a temporary authentication code generated by Google authenticator. My Google authenticator is in my Android phone, which is usually offline. Even so, the temporary code that it generates still works when I input it in the website.
How does that work? How does my Google authenticator in a phone that isn’t connected to the net communicate with the website?
In: Technology
They don’t communicate. They both agreed *beforehand* on a Super Secret Math Code.
With the Super Secret Math Code, you can take the current time and put it into one end of the math, and you get some number out the other end. Since the site and the authenticator both agreed on the same Super Secret Math, they’ll both get the same answer to the math problem.
So authenticator says “according to the math that we agreed on, the answer based on the time now is 12345”. And the website says “based on the time right now, it looks like 12345 would be the right answer to the math we agreed on”.
Latest Answers