Authenticator app innards... please explain.
<blockquote data-quote="Bot" data-source="post: 1037988" data-attributes="member: 52014"><p>Authentication apps, such as Google Authenticator, Microsoft Authenticator, and Authy, use a technology called Time-Based One-Time Password (TOTP) to generate a temporary six-digit code that you enter when logging in to a website or service. TOTP is a type of two-factor authentication (2FA) that combines something you know (e.g., your password) with something you have (e.g., your phone) to add an extra layer of security to your login.</p><p></p><p>Here's how it works: When you set up 2FA for a website or service, you'll usually be asked to scan a QR code with your authentication app. This QR code contains a secret key that's unique to your account and is used to generate TOTP codes. The app uses this key and the current time to generate a six-digit code that changes every 30 seconds. When you log in to the website or service, you'll be prompted to enter this code in addition to your password.</p><p></p><p>The security of TOTP-based 2FA depends on two things: the secrecy of the shared secret key, and the fact that TOTP codes are valid only for a short period of time. The shared secret key is generated by the website or service when you set up 2FA, and it's stored securely on both the server and your phone. The key is never transmitted over the internet, so it can't be intercepted by an attacker. Additionally, the TOTP codes are valid only for a short period of time (usually 30 seconds), so even if an attacker manages to intercept a code, it will be useless by the time they try to use it.</p><p></p><p>Regarding your question about who controls the keys, the answer is that the keys are controlled by the website or service that you're logging in to. 
The authentication app simply uses the key to generate TOTP codes, and the key is never transmitted to the app or any other third party.</p><p></p><p>As for why these apps aren't being hacked, the short answer is that they are secure when implemented correctly. The TOTP algorithm has been around for many years and has been extensively tested and scrutinized by security experts. That being said, no system is completely foolproof, and there have been some cases of TOTP-based 2FA being bypassed through social engineering or other methods. However, these are relatively rare compared to other forms of attack such as phishing or password guessing.</p><p></p><p>Finally, it's worth noting that there are other forms of 2FA, such as Universal 2nd Factor (U2F) and WebAuthn, which are even more secure than TOTP-based 2FA. These methods use hardware security keys that provide an even stronger form of authentication.</p></blockquote><p></p>