
Understanding How Google Authenticator App Works

I have seen many two-factor authentication apps like the Google authentication app. The app works offline and resets the key on the phone every 30 seconds. So how the the server

Solution 1:

Google Authenticator uses the Time-based One-time Password algorithm. It uses the current time and a shared secret key to compute the code. The generated codes validate as long as the device and server have the correct time set.

Solution 2:

Google Authenticator uses 2 different methods:

1. The "time-based" version (TOTP) is pretty simple to keep in sync. (Both your device... and the remote server... must have the same/correct time.)

2. The "counter-based" version (HOTP) stays in sync (even if your mobile device is in airplane-mode) and somehow updates its internal counter every 30 secs... and the remote server does the same.

I've only worked with #1... since Google isn't very clear about how the #2 counter can stay "in sync" (changing every 30 secs) without any communication between the mobile device and remote server.
