Are you using two-factor authentication (2FA) on your most important accounts? You should be, because a simple username/password combination (regardless of how well chosen the password) is simply not strong enough to protect your assets nowadays.

If you are using 2FA, you’ve got some sort of app on your phone, or perhaps a physical device, that generates a short sequence of digits to verify your identity. The digits change every 30 seconds or so because the codes are time based.

Have you ever wondered how this works? The article linked below provides a simple explanation of how those 2FA apps generate unique time-based codes and how login services verify them.

How does the Time-Based One-Time Password (TOTP) algorithm work?