undefined | Better HN

0 pointsfencepost6y ago0 comments

I'm unaware of any options to export, that would be a security issue.

To store the seed values, simply store the text provided for use if you can't use the qr code.

0 comments

ISTR at least one service (AWS or Google) asking for the first 2 codes after scanning the QR code, probably to sync. So I always assumed simply re-scanning the QR code wouldn’t be enough but maybe it is this simple.

fencepostOP6y ago

The underlying technology behind (almost?) all of these is TOTP (https://en.wikipedia.org/wiki/Time-based_One-time_Password_a...) which pretty much just depends on both systems having clocks that are reasonably close to synced. The initial value is basically a random number generator seed, and given the seed and a number of iterations (based on the time differential from a set starting point) calculating a code is fairly simple.

There would be problems on fully-isolated systems experiencing clock drift, but on any modern Internet-connected system using NTP or on any cell phone with time synced to the network it shouldn't be a factor. The most likely problem scenario is probably a corporate network using only an internal time source that drifts.

Doing a single code as validation only makes sense to catch transcription errors since in case of problems someone could end up locked out of an account.

j / k navigate · click thread line to collapse

0 comments

laurentl6y ago

fencepostOP6y ago

Doing a single code as validation only makes sense to catch transcription errors since in case of problems someone could end up locked out of an account.

j / k navigate · click thread line to collapse