Does anyone know how 2 factor authenticator services work? I'm curious how it's possible for the services reading them and the services creating them to predictably know the exact digit sequence at a given time without being knowable to 3rd parties. From a cursory undergraduate CS education it feels like a related but different problem to hash functions. Just curious!
Each party (sender and receiver) share a secret, random key. This key is created and shared only once during the initial account setup.

Thereafter, this secret key is used by both sender and receiver to encrypt the current time and produce a hash code.

If the codes match and your login credentials are valid (2 factors), you are authenticated; otherwise, you are not.

Once you dig into it, it's not too hard to replicate. I wrote myself a simple desktop CLI program that duplicates the app on my phone. It retrieves the appropriate secret key (selected by key/name) from an encrypted data file and generates a code as needed and places it into the clipboard so I can easily paste into a login screen.