
We all use websites and mobile applications in our daily lives, and we want to add another level of
security to our most personal and private web accounts. All websites and applications require their
members to log in to gain access, and most use an ID and password. This is not secure enough to protect
our data and very private info. One of the most secure processes of authentication is Google
authentication. It allows site users and admins to sign up to your website using their Google username
and password. Here, in this blog, I will explain Google authentication and its algorithm.

What is Google Authentication?


Google Authentication is the two-factor authentication process that inspects the user and verifies
whether the user is authorized or not before granting access to websites and services. Google
Authentication provides higher protection to our accounts by generating an OTP to be entered with your
username and password. Generally, the OTP is sent to our registered phone number or email.

OTP Generation Algorithm-:


Google Authentication mainly follows two algorithms to generate the OTP. These algorithms are
listed and explained below-:
1. HOTP-:
HMAC-based One-time Password algorithm (HOTP) is a one-time password (OTP)
algorithm based on hash-based message authentication code (HMAC). The HOTP algorithm
provides a method of authentication by symmetric generation of human-readable passwords, or
values, each used for only one authentication attempt. HOTP relies on two basic things: a shared
secret and a moving factor. The algorithm is event-based, so whenever a new OTP is generated
the moving factor is incremented, and hence the subsequently generated passwords should be
different each time.
2. TOTP-:
Time-based One-Time Password algorithm (TOTP) is an extension of the HMAC-based
One-time Password algorithm. It uses the same algorithm as HOTP with one major
difference: the counter used in HOTP is replaced by the current time. The client and server
remain in sync as long as the system times remain the same. This can be done by using the
Network Time Protocol.
The TOTP password is short-lived while the HOTP password may be valid for an
unknown amount of time.
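
The two algorithms above, as an added example that is not code from the original blog: HOTP as specified in RFC 4226 and TOTP as specified in RFC 6238, plus a server-side check that tolerates one time step of clock drift and refuses a code that was already accepted. The secret is the published RFC test key; `verify_totp`, `window` and `last_used` are names assumed for this sketch.

```python
import base64, hashlib, hmac, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian moving factor."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)  # keep leading zeros

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter replaced by the time step."""
    return hotp(secret, int(now) // step, digits)

def verify_totp(secret: bytes, submitted: str, now: float, step: int = 30,
                window: int = 1, last_used: int = -1):
    """Server-side check; returns the matched time step, or None.

    window    - steps of clock drift accepted on either side (assumed policy)
    last_used - last step already accepted for this user, to stop replays
    """
    current = int(now) // step
    matched = None
    for t in range(max(0, current - window), current + window + 1):
        if t <= last_used:
            continue  # this step was already consumed: treat as a replay
        expected = hotp(secret, t).encode()
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted.encode()):
            matched = t
    return matched

# Constructed sample: the RFC 4226 test key "12345678901234567890" in the
# 32-character Base32 form that authenticator apps accept for manual entry.
SECRET = base64.b32decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")

if __name__ == "__main__":
    print("HOTP counter 0:", hotp(SECRET, 0))
    print("TOTP at t=59s :", totp(SECRET, 59))
    step = verify_totp(SECRET, totp(SECRET, 59), now=75)
    print("accepted at step", step)
    print("replay ->", verify_totp(SECRET, totp(SECRET, 59), now=75, last_used=step))
```

Store the returned step per user and pass it back as `last_used` on the next attempt, so a code observed once cannot be reused inside the drift window.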

Workflow of Two-factor Authentication


Well, Google Authentication doesn’t require any internet or mobile connection. After turning on
Two-Factor Authentication, the service will ask you whether you'd like to receive your temporary code
via text message or email, or whether you want to use Google Authenticator to generate the key. The
system or algorithm generates the secret key, a unique 16 or 32 character alphanumeric code. This code is
sent to the authorized registered phone number or mailing address, and the authorized user can enter the
secret key manually. As a result, both the system and GA know the same secret key, and the user can
access websites and services.
