[fapeiyeunesou]

I once forgot the password to my cloud storage account - it seemed like no big deal, but it turned out that I didn't have two-factor authentication enabled. I regained access, but then I realized how much 2FA can really save from headaches. Now I'm slowly enabling it wherever I can, but I'm a bit confused - they write about one-time passwords, then about some TOTP, HOTP, OCRA... In short, who really knows how two-factor authentication works and what are the differences between these one-time codes?

[lossauzasalle]

I had the same thing a couple of years ago, especially when I started customizing 2FA in the admin of one project. Everything is simple in words, but in practice there are a lot of nuances. For example, TOTP uses the current time and each code lives for about 30 seconds, while HOTP works on a counter - with each new input the next code is generated. That's when the hotp generator came in handy to test everything before launching. Very handy, especially when you want to make sure that the server and client are on the same page. By the way, if you connect 2FA to work accounts, it's better to use OTP rather than SMS - much safer and without being tied to an operator.

[vicecrufoli]

I'm not really into the subject myself, but I've encountered 2FA a couple of times when logging into banking applications. One time I even had to wait half an hour for a code, because the connection in the village was poor. Since then, I respect offline generators and applications like Authenticator

[FannyMoen]

Challenge-response system; generates code based on dynamic inputs such as time, counter, or transaction data.