

As a general rule, the key contains some kind of secret, like a password but more obscure, which it never gives out to the computer it's connected to.

However, it will perform math with this password and provide the outputs. Whatever backend service you are trying to authenticate to also has the same password, and has the same math formulas. When the user (well, their USB security key) provides a computed output, the server runs the same math with the same password to see if it got the same result. If so, then the user has the key and off you go.

An important part of this is that each authentication session must produce a different result.
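A sketch of the shared-secret scheme this page describes, added as an example and not taken from the original page. It assumes HMAC-SHA256 as the "math" and a random, single-use challenge from the server as the thing that makes each session's result differ; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


class SecurityKey:
    """Stands in for the USB key: holds the secret, only emits outputs."""

    def __init__(self, secret: bytes):
        self._secret = secret  # never handed to the host computer

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class Server:
    """Backend that holds the same secret and runs the same math."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = set()  # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)  # fresh for every session
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:
            return False  # unknown or already answered: a replay
        self._pending.discard(challenge)  # single use, pass or fail
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    secret = secrets.token_bytes(32)  # constructed sample secret
    key, server = SecurityKey(secret), Server(secret)
    c1 = server.new_challenge()
    r1 = key.respond(c1)
    first = server.verify(c1, r1)
    replay = server.verify(c1, r1)  # captured response sent a second time
    stale = server.verify(server.new_challenge(), r1)  # old output, new session
    c3 = server.new_challenge()
    r3 = key.respond(c3)
    return {"first": first, "replay": replay, "stale": stale,
            "second": server.verify(c3, r3), "outputs_differ": r1 != r3}


if __name__ == "__main__":
    print(demo())
```

Because the server consumes each challenge on first use, an output captured from one session is useless in the next, even though the secret itself never changes.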
