If you’ve turned on two-factor authentication on your gmail or outlook account (and you should), you probably have an app on your phone that generates a six-digit number you have to input in addition to your password. Ever wonder how that works?

Well here’s how.

And this is interesting:

In the last two years, the rapid rise of network threats has exposed the inadequacies of static passwords as the primary mean of authentication on the Internet.
- RFC 4226, December 2005

In 2005 they knew this.