Two-factor authentication is so important in the modern internet. As far as I know, it makes it extremely difficult to hack into an account, even if you have the password. But how does it work? How does this random website know that I’ve entered the temporary code from my authenticator app correctly?
Like, 2FA with email or text is simple, but how, specifically, do the authenticator apps on phones work?
Your phone (or in prior times, a separate device the size of a lighter) is running an algorithm that spits out pseudorandom numbers at set intervals of about a minute or so. To break that down, it’s not *really* generating random numbers, it just appears random because the outside observer doesn’t know the initial conditions used to set it up. Only the phone app and the authenticating body know how that pseudorandom number generator is set up, so if the number the phone generates matches the one in the company’s servers, that’s the authentication.
Obviously, this falls apart if someone steals or clones your phone, or otherwise knows how to duplicate the number generator and settings, but it’s still one more hurdle that your average hacker needs to overcome. Given that most hacks aren’t *targeted* hacks against a specific individual, it’s not worth it to them to try and breach an account with 2FA, so they’ll go hunt easier prey.