EPISODE · Jul 6, 2026 · 22 MIN
How Your Password Manager's 6-Digit Code Actually Works
from My Weird Prompts
Ever wonder how your authenticator app generates a new six-digit code every thirty seconds without ever contacting the server? The answer is more elegant than you'd expect. In this episode, we break down the TOTP algorithm — from the HMAC-based one-time password foundation to the dynamic truncation step that turns a cryptographic hash into a six-digit code. We explain why clock drift causes those panic-inducing moments when every code fails at once, and why SHA-1's known weaknesses don't actually matter for TOTP security. If you use two-factor authentication, this is how it really works under the hood.
What this episode covers
Ever wonder how your authenticator app generates a new six-digit code every thirty seconds without ever contacting the server? The answer is more elegant than you'd expect. In this episode, we break down the TOTP algorithm — from the HMAC-based one-time password foundation to the dynamic truncation step that turns a cryptographic hash into a six-digit code. We explain why clock drift causes those panic-inducing moments when every code fails at once, and why SHA-1's known weaknesses don't actually matter for TOTP security. If you use two-factor authentication, this is how it really works under the hood.
NOW PLAYING
How Your Password Manager's 6-Digit Code Actually Works
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Jan 2, 2026 ·47m
Dec 21, 2025 ·46m