How does two factor authentication with phone authenticator apps work? How does the website know you’ve entered the correct temporary code?


Two factor authentication is so important in the modern internet. As far as I know, it makes it extremely difficult to hack into an account, even if you have the password. But how does it work? How does this random website know that I’ve entered the temporary code from my authenticator app correctly?

Like, 2FA with email or text is simple, but how, specifically, do the authenticator apps on phones work?


7 Answers

Anonymous

The code used by an app (or a hardware token, for that matter) isn’t random – it’s maths.

Let’s say, for instance, that the bit of maths is:

* Take the time in seconds since a certain date
* Multiply that time by some number known both to the app and the website
* Take the last six digits of that result – and that’s your code

Provided the website and the app both have the correct time, they’ll come to the same answer. The actual maths is going to be a bit more complex than what I’ve mentioned, but the principle is the same – do the same sum, and you should get the same answer, which means you can check if the person who’s entered the code is who they say they are.
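
The answer above simplifies the maths on purpose. As an added example (not part of the original answer), this is the standard TOTP calculation from RFC 6238, the scheme authenticator apps commonly implement: an HMAC of the 30-second time counter under the shared secret takes the place of the multiplication. The secret is the RFC's published test key; the `verify` helper, its clock-drift window and its replay check are illustrative assumptions about the website side.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for
DIGITS = 6   # length of the code shown in the app


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Code that app and website both compute from the shared secret and the time."""
    counter = unix_time // step                       # same value for a whole 30 s slot
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)    # keep leading zeros


def verify(secret: bytes, submitted: str, unix_time: int,
           window: int = 1, last_used_counter: int = -1):
    """Website side: return the matching time counter, or None if the code is rejected.

    window            -- neighbouring slots accepted to tolerate clock drift
    last_used_counter -- newest slot already accepted for this account; codes
                         from that slot or earlier are refused (replay protection)
    """
    now = unix_time // STEP
    for counter in range(now - window, now + window + 1):
        if counter <= last_used_counter:
            continue
        expected = totp(secret, counter * STEP)
        # constant-time comparison so timing does not leak how many digits matched
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None


if __name__ == "__main__":
    secret = b"12345678901234567890"       # RFC 6238 test key, not a real secret
    code = totp(secret, 1111111109)        # what the phone would display
    print("app shows:", code)
    print("2 s later, drift allowed:", verify(secret, code, 1111111111))
    print("2 s later, strict slot:  ", verify(secret, code, 1111111111, window=0))
    print("replayed after use:      ",
          verify(secret, code, 1111111109, window=0, last_used_counter=37037036))
```

The website never receives the secret during login; it stores the same secret that was shown once as a QR code at enrolment and recomputes the code itself.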
