Explore >> Select a destination
|
You are here 
|
zserge.com | ||
| | | | |
rcoh.me
|
|
| | | | | I always wondered how Google Authenticator style 2-factor codes worked. The process of going from QR code to rotating 6-digit pin seemed a bit magical. A few days ago, my curiosity found itself coupled with some free time. Here's what I found: What's in the QR Code I scanned the QR code from Github with a barcode scanning app. Here's what's inside: otpauth://totp/Github:rcoh?secret=onswg4tforrw6zdf&issuer=Github Not too surprising. It tells us the protocol, TOTP, who is issuing this OTP code (Github), and most importantly the secret:1 | |
| | | | |
labanskoller.se
|
|
| | | | | You probably use an "authenticator app" such as Google Authenticator to enable two-step verification (sometimes called two-factor authentication, 2FA, or multi-factor authentication, MFA) for an online account. The method is called Time-Based One-Time Password Algorithm (TOTP) and is standardized in RFC 6238. In October 2017 when I evaluated HashiCorp Vault for generating and storing TOTP secrets for a system at work I realized that the Android version and iOS version of Google Authenticator differed a lot when it comes to which modes are supported. | |
| | | | |
prezu.ca
|
|
| | | | | Part 3 is the last part in this short cycle. Here I'll explain all the details around Time-based One-Time Password algorithm. I'll finish up by also elaborating on things common to both, HMAC-Based One-Time Password algorithm: QR Codes used to easily transfer secrets from the server to the Authenticator app Base32 algorithm - used to store non-printable secret in a URI (effectively stored by the QR Codes mentioned above). TOTP One way to avoid the problems with lack of feedback between server and the app... | |
| | | | |
github.com
|
|
| | | Tads3 for Visual Studio Code. Contribute to toerob/vscode-tads3tools development by creating an account on GitHub. | ||
