ELI5: How do an authenticator app (like Google Authenticator) and a site I’m accessing communicate if my authenticator app is in an offline phone?


To expound, I access a website that has 2FA that asks me for a temporary authentication code generated by Google Authenticator. My Google Authenticator is on my Android phone, which is usually offline. Even so, the temporary code that it generates still works when I input it in the website.

How does that work? How does my Google Authenticator on a phone that isn’t connected to the net communicate with the website?


7 Answers

Anonymous 0 Comments

It is a TOTP – **Time**-based One-Time Password. The website gives your authentication app a specific seed value that is combined with the current time to generate a predictable six-digit code. Since both your app and the website know the seed value and know what time it is, they both can generate the same six-digit code whenever asked. So when you give the site the code, it compares it with the code it expects to get from you _at this specific time_.

This tech will work offline so long as your phone clock doesn’t drift too far from the current time.
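The scheme described in the answer above, as an added example that is not part of the original answer: a Python sketch of RFC 6238 TOTP (HMAC-SHA1, 30-second steps, six digits) showing the phone side and the site side computing the same code from a shared seed with no network link between them. The seed is the published RFC 6238 test key, and `verify` with its one-step drift window is a hypothetical server-side check, not any particular site's code.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid (common default, assumed here)
DIGITS = 6   # length of the code the app displays

# Constructed sample seed: the RFC 6238 test key. A real site generates a
# random seed per account and hands it to the app once, usually as a QR code.
SEED = b"12345678901234567890"


def totp(seed: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """Code for the 30-second step containing unix_time (RFC 6238, SHA-1)."""
    counter = unix_time // STEP                    # the "current time" input
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(seed: bytes, submitted: str, server_time: int, window: int = 1) -> bool:
    """Site side: accept the current step's code, or `window` steps either way."""
    ok = False
    for drift in range(-window, window + 1):
        t = server_time + drift * STEP
        if t < 0:
            continue
        expected = totp(seed, t)
        # Constant-time comparison; every candidate step is always checked.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    phone_clock = 59                        # offline phone, its own clock
    code = totp(SEED, phone_clock)          # computed locally, nothing is sent
    print("phone shows:", code)
    print("site clock in sync:", verify(SEED, code, 59))
    print("phone 30 s behind :", verify(SEED, code, 89))
    print("phone 90 s behind :", verify(SEED, code, 149))
```

The last call is rejected because a phone clock 90 seconds behind falls outside the one-step window, which is the drift limit the answer mentions.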
