Behind the 6-digit code: Building HOTP and TOTP from scratch (blog.dogac.dev)

Posted by news | votes: 31 | comments: 1 | Apr 15, 2025

Comments

  • droidtask | votes: 0 | Apr 15, 2025

    However, I have always thought One-Time Password logins are the most mystical ones. A six-digit code that changes every time and can be used to verify your identity. How does the server know the newly generated one, and how is it really secure? In this post, I will explain what HOTP and TOTP are and how they work by sharing my own implementation from scratch.

    Good writeup but misses one critical point.

    Edit: Several readers have warned me it is much easier to generate random numbers instead. The server has to store the number of attempts to make sure it is not brute forced as well.

    Yes