How do 2FA codes work?

Hi! I was doing some webdev yesterday and needed to clear my cache and cookies for the first time in a long time, which prompted me needing to log into all the saved sites from the previous session. Most of them require 2FA and it got me thinking: how does it actually work?

For security I assume there isn’t a token saved next to the user’s ID or password. Or is there something in the QR code you scan originally to add it to the app?

I kind of gather SMS 2FA is a code that is saved with an expiry, same as when emails send links to your account and an expiry for the link. But codes that expire every 30 seconds, it seems like that's a lot of database rewrites.

4 Answers

Anonymous 0 Comments

>But codes that expire every 30 seconds, it seems like that's a lot of database rewrites.

You’ve got the correct idea up until here.

Memory exists for a reason – 2FA codes don’t necessarily get stored and rewritten in the database – they can be kept in server-side memory (even more fitting as they are temporary).

Transactions with a database every 30s would be a nightmare for data concurrency.
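For the app-generated 30-second codes the question asks about, the standard scheme is TOTP (RFC 6238): the QR code carries a shared secret, and the app and the server each derive the current code from that secret and the clock. The Python sketch below is an added example, not part of the question or the answer; the enrollment URI is constructed from the RFC 6238 test key, and `secret_from_uri`, `totp` and `verify` are illustrative names.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import urlparse, parse_qs

# Constructed enrollment URI of the kind the QR code encodes.
# The secret is the RFC 6238 test key "12345678901234567890" in base32.
ENROLL_URI = ("otpauth://totp/Example:alice"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def secret_from_uri(uri):
    """Extract the shared secret; this is the only thing the server stores."""
    b32 = parse_qs(urlparse(uri).query)["secret"][0].upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))  # restore padding

def totp(secret, now, period=30, digits=6):
    """RFC 6238 code for Unix time `now` (HMAC-SHA1, the common default)."""
    counter = struct.pack(">Q", int(now) // period)   # 30-second step number
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                            # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, submitted, now, last_step=-1, period=30, window=1):
    """Return the matched time step, or None.

    Codes are recomputed on demand, so nothing is written every 30 seconds.
    `window` tolerates one step of clock drift; `last_step` is the last step
    already accepted for this user, which blocks replay of a used code.
    """
    current = int(now) // period
    for step in range(current - window, current + window + 1):
        expected = totp(secret, step * period, period)
        if step > last_step and hmac.compare_digest(expected, submitted):
            return step        # caller persists this as the new last_step
    return None

if __name__ == "__main__":
    key = secret_from_uri(ENROLL_URI)
    print(totp(key, 59))                           # code for step 1
    print(verify(key, "287082", now=59))           # accepted: step 1
    print(verify(key, "287082", now=59, last_step=1))  # replay: None
```

The server writes to storage only at enrollment (the secret) and on a successful login (the last accepted step).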
