To expound, I access a website that has a 2FA that asks me a temporary authentication code generated by Google authenticator. My Google authenticator is in my Android phone, which is usually offline. Even so, the temporary code that it generates still works when I input it in the website.
How does that work? How does my Google authenticator in a phone that isn’t connected to the net communicate with the website?
In: Technology
They are not communicating back and forth. In short, the app and site are using the same algorithm to calculate the same code at any given time.
When the authenticator is first set up, the authenticator and site “agree” on the same algorithm to use for all subsequent requests.
Like if I called you on the phone, at random, and we couldn’t talk until I told you today’s date, which is information you also know.
Latest Answers