avatar Kisaragi Hiu

Introduction to Two Factor Authorization

Two factor authorization (2FA) in online accounts is a strong way to limit account access. It involves a website (a point of access control) and a client (like Google Authenticator, FreeOTP, and others).

When setting up 2FA, you store a randomly generated text (I'll call it the token) in the 2FA client.

Both the website and the 2FA client will derive a 6-digit code from the token and the current time. When they share the same token and agree with the current time, the code will be the same. This is done so you can type in a 6-digit code while keeping the difficulty in guessing a long string of random text.

When logging in, the website will ask for the password, as before, and the derived code. If one of the two isn't known, access will not be permitted. This adds an extra layer of security to crack, like adding an extra lock onto your door.

In practice, this means:

And when logging in: