With this, account-holders log in using a password. The website then generates an access code unique to the account and displays it as a 2D code (a square full of dots), which can be scanned into an app like Google Authenticator. The app then spits out a new code, valid for a very short time, which is used to complete the account login. For each subsequent login, the user must return to the app for a new access code.
Where are the flaws in two-factor authentication?
The Economist

This explanation is a bit complex: you only scan a code once for each service (Google, Facebook, etc). Future logins will demand a numeric code after accepting your password, and the Authenticator displays the appropriate numeric code. Each future login requires a different code. Each app generates a unique series of codes for each service, and another person’s app won’t produce the correct code.

Like what you read? Give Rick Smith a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.