How can authenticator apps work if the device you use the authenticator doesn’t have wifi connection?

258 viewsOtherTechnology

I was logging in on a microsoft account of my work. I use google authenticator. My phone was not having a wifi connection. Eventhough I entered the code and it let me log in. Later I noticed wifi on my phone was not working.

I thought the authenticator app needed to check via some sort of network if the code was right. It clearly doesn’t. But now I am curious how all of this works.

In: Technology

2 Answers

Anonymous 0 Comments

There are different types of authenticator token systems in use. Google Authenticator implements a well known standard known as TOTP as well as HOTP. This is short for Time-based One Time Password. The app is going to take the current time and date and then calculate a cryptographic hash using a secret key. The numbers it shows represent this hash. The server knows the same secret key and will calculate the same hash to compare. It will also calculate some of the other hashes around the current time in case the clock on the phone is a bit off or you take some extra time entering the code. But if your clock is too far out the phone will not show a valid code. HOTP works in a similar manner but instead of the clock it will use the number of times you viewed the code as input.

You are viewing 1 out of 2 answers, click here to view all answers.