How MS Authenticator "number matching" works

Çağlar Arlı

When using MS Authenticator on a Microsoft account, the user fills in the email address or username. After that, the user presses one of the three numbers in the MS Authenticator app, or enters the two digits displayed, and is logged in. All good.

My question is: what are the workings behind it?

I can find a lot of information about hashes, 2FA, TOTP authenticator apps. But nothing about the theory behind MS Authenticator. Does the app have a private key or something and only signs a certificate if the correct number is pressed? Or is the number on the screen hashed and with a salt sent to the server for authentication? Those are the two possibilities I came up with.