How does two-factor authentication with phone authenticator apps work? How does the website know you’ve entered the correct temporary code?


Two-factor authentication is so important in the modern internet. As far as I know, it makes it extremely difficult to hack into an account, even if you have the password. But how does it work? How does this random website know that I’ve entered the temporary code from my authenticator app correctly?

Like, 2FA with email or text is simple, but how, specifically, do the authenticator apps on phones work?


7 Answers

Anonymous 0 Comments

When you created the 2FA method, the server generated a secret. That is the thing that is shared via a QR code with your phone.

Then your phone runs a predetermined algorithm that takes the secret and the current time and produces a code. The server can also take the secret and the current time and compare the value. If you were able to provide the value that is correct for the current time, then you must have the device that the original secret is on.
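The scheme described in the answer above, as an added example that is not part of the original answer: it assumes the common TOTP standard (RFC 6238 with HMAC-SHA1, 30-second steps and 6 digits), which the answer does not name. The function names, the one-step clock-drift window and the `last_used` replay check are choices made for this example, and the sample secret is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

STEP = 30    # seconds per time step (assumed RFC 6238 default)
DIGITS = 6   # code length shown by the app

def new_secret() -> bytes:
    """Enrollment: the server generates the shared secret once."""
    return secrets.token_bytes(20)

def hotp(secret: bytes, counter: int) -> str:
    """HMAC the counter, then truncate to DIGITS decimal digits (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(secret: bytes, at: float) -> str:
    """What the phone computes: the counter is the number of steps since epoch."""
    return hotp(secret, int(at) // STEP)

def verify(secret: bytes, submitted: str, at: float,
           window: int = 1, last_used: int = -1):
    """What the server computes. Returns the matched counter, or None.

    window    : steps of clock drift tolerated on either side
    last_used : counter of the last accepted code; older or equal counters
                are refused so a captured code cannot be replayed
    """
    now = int(at) // STEP
    for counter in range(now - window, now + window + 1):
        if counter <= last_used:
            continue
        expected = hotp(secret, counter).encode()
        if hmac.compare_digest(expected, submitted.encode()):  # constant time
            return counter
    return None

RFC_SECRET = b"12345678901234567890"  # RFC 6238 test key, not a real secret

if __name__ == "__main__":
    secret = new_secret()
    # Base32 text of the secret, the form usually carried in the QR code.
    print("enroll:", base64.b32encode(secret).decode())
    code = totp(secret, time.time())
    print("phone shows:", code, "server accepts:", verify(secret, code, time.time()))
```

The server stores the returned counter per account and passes it back as `last_used` on the next login attempt.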
