I understand the basic idea of two factor authentication: two credentials are used to more securely authenticate users. I am asking about a specific method of two factor authentication that I encounter frequently.
When I turn on two factor authentication for my Google account I am able to access frequently changing pseudo-random numbers on my iPhone. These random numbers constitute the second authentication factor (the other being my password) and I am able to enter these numbers to authenticate myself.
What I really don't understand is that these numbers will still work to authenticate my identity when my iPhone is offline. So obviously whatever is going on is more interesting than Google verifying that I have some number they gave me.
I am very interested in what exactly is going on. Is the pseudo-random number a keyed hash of system time? That's my best guess but I am very curious.
What you called “pseudo-random numbers” are one-time passwords (OTPs). These passwords are generated by an algorithm. For frequently changing OTPs, the TOTP algorithm is used. The TOTP (time-based one-time password) algorithm generates a temporary password, which usually expires in 30-60 seconds. Your device does not need to be online, as OTPs are generated based on a secret key that is the same for your device and the service. So the device and the server generate the same password, and when you enter the OTP while accessing your account, the server checks whether the OTP is correct. Based on that, the server confirms or denies access to the account.
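
The offline generation and server-side check described above, as an added example that is not part of the original answer. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits); the function names, the drift window and the `last_used` replay check are illustrative choices, and the secret is the RFC test key, not a real one.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample secret (the RFC 6238 test key), shared by device and server.
SHARED_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Keyed hash of a counter (RFC 4226), truncated to a short decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now=None, step: int = 30, digits: int = 6) -> str:
    """Device side: the counter is the number of time steps since the Unix
    epoch, so only a clock and the secret are needed, no network."""
    now = time.time() if now is None else now
    return hotp(secret, int(now) // step, digits)


def verify(secret: bytes, submitted: str, now=None, step: int = 30,
           digits: int = 6, drift_steps: int = 1, last_used: int = -1):
    """Server side: recompute the code for the current step and its
    neighbours (clock drift). Returns the matched step, or None.
    Steps <= last_used are refused so an observed code cannot be replayed;
    the caller stores the returned step as the new last_used."""
    now = time.time() if now is None else now
    current = int(now) // step
    for candidate in range(current - drift_steps, current + drift_steps + 1):
        if candidate < 0 or candidate <= last_used:
            continue
        expected = hotp(secret, candidate, digits)
        # Constant-time comparison of the two codes.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return candidate
    return None


if __name__ == "__main__":
    code = totp(SHARED_SECRET)
    print("device shows:", code)
    print("server matched step:", verify(SHARED_SECRET, code))
```
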