How does Google authenticator works?

General security questions
Post Reply
Posts: 114
Joined: Sat Jun 20, 2009 5:42 pm

How does Google authenticator works?

Post by mister_v »

I'm using google authentictor as 2 factor authentication.

But I don't understand how it works. Especially offline.

Can anyone explain me ? (In normal words)
Site Admin
Posts: 108
Joined: Mon Jul 21, 2008 9:45 am
Location: Leuven, Belgium

Re: How does Google authenticator works?

Post by Chris »

It doesn't use the internet connection, it uses time and key.

Google Authenticator supports both the HOTP and TOTP algorithms for generating one-time passwords.

With HOTP, the server and client share a secret value and a counter, which are used to compute a one time password independently on both sides. Whenever a password is generated and used, the counter is incremented on both sides, allowing the server and client to remain in sync.

TOTP essentially uses the same algorithm as HOTP with one major difference. The counter used in TOTP is replaced by the current time. The client and server remain in sync as long as the system times remain the same. This can be done by using the Network Time protocol.

The secret key (as well as the counter in the case of HOTP) has to be communicated to both the server and the client at some point in time. In the case of Google Authenticator, this is done in the form of a QRCode encoded URI. See: KeyUriFormat for more information.
Post Reply