To expound, I access a website that has a 2FA that asks me for a temporary authentication code generated by Google Authenticator. My Google Authenticator is on my Android phone, which is usually offline. Even so, the temporary code that it generates still works when I input it in the website.
How does that work? How does my Google Authenticator on a phone that isn’t connected to the net communicate with the website?
It is a TOTP – **Time**-based One-Time Password. The website gives your authentication app a specific seed value that is combined with the current time to generate a predictable six-digit code. Since both your app and the website know the seed value and know what time it is, they both can generate the same six-digit code whenever asked. So when you give the site the code, it compares it with the code it expects to get from you _at this specific time_.
This tech will work offline so long as your phone clock doesn’t drift too far from the current time.
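The computation described in the answer above, as an added example that is not part of the original post: both sides derive the code from the shared seed and the clock, and the site tolerates a small clock drift. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second steps, 6 digits); the seed is the RFC's published test key, and the one-step tolerance window and the `verify` helper are illustrative choices, not any particular site's code.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid (RFC 6238 default, assumed)
DIGITS = 6   # code length shown by the app


def totp(seed: bytes, unix_time: int) -> str:
    """Code for the 30-second step containing unix_time (RFC 6238)."""
    counter = unix_time // STEP                        # time step index
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                            # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(seed: bytes, submitted: str, server_time: int, window: int = 1):
    """Server side: accept codes from `window` steps before or after now.

    Returns the matching step offset (0 means clocks agree), else None.
    """
    for drift in range(-window, window + 1):
        expected = totp(seed, server_time + drift * STEP)
        if hmac.compare_digest(expected, submitted):   # constant-time compare
            return drift
    return None


if __name__ == "__main__":
    seed = b"12345678901234567890"      # RFC 6238 test key, not a real secret
    server_now = 1111111109             # constructed server clock reading

    # Offline phone whose clock is 40 seconds slow: no network involved,
    # the code is computed locally and still lands in the accepted window.
    phone_code = totp(seed, server_now - 40)
    print(phone_code, "->", verify(seed, phone_code, server_now))

    # Phone clock five minutes slow: code is outside the window, rejected.
    stale_code = totp(seed, server_now - 300)
    print(stale_code, "->", verify(seed, stale_code, server_now))
```
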