Two factor authentication is so important in the modern internet. As far as I know, it makes it extremely difficult to hack into an account, even if you have the password. But how does it work? How does this random website know that I’ve entered the temporary code from my authenticator app correctly?
Like, 2fa with email or text is simple, but how, specifically, do the authenticator apps on phones work?
In: 5
The app and the website have a shared secret key. They use the secret key and the current time to generate the temporary code. The temporary code can be generated the same way on both side and your input can then be compared to it.
The secret key is generated when you set up the two-factor authentication and both the phone and the server have it.
Latest Answers