Many online services allow (and sometimes even require) you to set up two-factor authentication (2FA) with one-time codes. Google Authenticator is the most well-known and widely used authenticator app that generates such codes. Almost all services are compatible with it, and some even provide a link to the app when you set up 2FA. But is Google Authenticator the only option, or should you give one of the many alternatives - like Microsoft Authenticator or Twilio Authy - a whirl?

Since these alternatives exist and clearly have a userbase, you might assume they could be full-fledged replacements for Google Authenticator. But what, if any, are the pitfalls? For those who have no time to read to the end, here’s the answer straight away: don’t worry, Google Authenticator is more than replaceable. But if you’re curious about the whats, whys, and hows - read on…

How authenticators work

Let’s start with how authenticator apps work in general. Several open standards for strong authentication have been created under the umbrella of the Initiative for Open Authentication (OATH). Authenticator apps are based on these standards (along with some other things, but which aren’t the topic of this post).

Way back in 2005, the OATH HOTP (hash-based one-time password) authentication standard appeared. This laid down the fundamentals of authentication using one-time codes that are synchronously generated on the client and server sides.

The idea is that both the app and the service you’re using remember the same secret key. Next, a cryptographic algorithm is applied to generate a unique code based on this key and a counter value. A counter is essentially a number that increments each time a new one-time code is generated. The data for calculating this code is the same on both sides, so if everything goes according to plan, the two codes will be identical. What remains is to compare them: should the code you entered match the server-generated one, the authentication is successful.

After each request for a generation session, the counter value changes so that the code is one-time and unique. An algorithm is used that rules out performing reverse calculations and extracting the secret key from this code.