[Cialug] 2FA

Jared Brees fromj2sitsme at msn.com
Wed Mar 13 16:22:57 UTC 2019


Yes, for TOTP, that's pretty much it (a bit more math and some specific algorithms involved, but yes). This is also why if your phone time is off by a minute or two you can fail to log in with it.

The issuer and username are usually used by the 2FA app to identify the account to the end user.

But again, that's all just TOTP. If a client wants MS Authenticator, they might be expecting the "push" component, which is (as I understand it) entirely discrete from any TOTP stuff, likely a proprietary implementation of sorts. (Much like the "push" 2FA that Google has built in to Android, and I assume Apple has figured out by now in iOS.)


________________________________
From: Cialug <cialug-bounces at cialug.org> on behalf of Dave Hala <dave at 58ghz.net>
Sent: Wednesday, March 13, 2019 11:13
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] 2FA

Here's how I think it works: When you add a new user, you create a "secret
key". The secret key needs to be input into the authenticator app. The
keys are long strings of text that would be difficult to enter manually.
The app that generates the secret key encodes it as a QR code that can be
read by the authenticator app using the mobile device's camera. The
authenticator app reads the QR code and extracts the secret key and saves
it locally. When the user logs in and a second factor is requested, the
user fires up the authenticator app and the key is hashed with a time value
and generates a numeric value on an interval (usually 30-60 sec). That
value is entered by the user as a second factor during the login process.
On the server side, that numeric is tested and if correct, then the login
is successful.







On Wed, Mar 13, 2019 at 10:39 AM Todd Walton <tdwalton at gmail.com> wrote:

> On Tue, Mar 12, 2019 at 5:46 PM Rob Cook <rdjcook at gmail.com> wrote:
> > If you want to use Authy for O365 you have to choose the non-MS app
> option
> > so that it generates the proper QR code for Authy.
>
> In O365 you have to generate a special QR code for use by non-MS
> authenticators?
>
> --
> Todd
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
>


--
NIFCAP  -The Premier Client Intake System for Non-Profit Organizations.
https://www.osis.us