6

I've tried some authenticator apps (Google, Microsoft, Authy, LastPass, ...) and all of those apps generate the same one-time passwords at the same time?

So, these apps use the same algorithm, which is a generic algorithm, not an application developer's algorithm. Am I right?

mongkonsrisin
  • 71
  • 1
  • 4

4 Answers

12

these apps use the same algorithm, which is a generic algorithm, not an application developer's algorithm. Am I right?

Yes.

There are two commonly used protocols for authenticator apps:

  • HOTP (HMAC-based one time password), which is specified in RFC 4226
  • TOTP (Time-based one time password), which is specified in RFC 6238

The algorithms for the two protocols are specified in open standards, so yes, all implementations of them are mutually compatible.

Lie Ryan
  • 31,089
  • 6
  • 68
  • 93
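As an added illustration (not part of Lie Ryan's answer), here is a minimal implementation of both RFCs in Python, checked against the test vectors the RFCs themselves publish. It shows concretely why any two apps holding the same secret produce the same code at the same moment, and what a verifier has to do on the server side; the function names and the drift window of one step are my own choices.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC(K, C) with C as an 8-byte big-endian counter,
    then 'dynamic truncation' picks 4 bytes at the offset given by the
    low nibble of the last digest byte, clears the sign bit, and reduces
    modulo 10^digits (zero-padded to `digits`)."""
    digest = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = digest[-1] & 0x0F
    binary = ((digest[offset] & 0x7F) << 24
              | digest[offset + 1] << 16
              | digest[offset + 2] << 8
              | digest[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, for_time=None, step: int = 30, t0: int = 0,
         digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor((T - T0) / X); X = 30 s is the
    default every app in the question uses, which is why they agree."""
    if for_time is None:
        for_time = int(time.time())
    return hotp(secret, (for_time - t0) // step, digits, algorithm)


def verify_totp(secret: bytes, candidate: str, for_time=None, window: int = 1,
                step: int = 30, **kw) -> bool:
    """Verifier side: accept the current step and +/- `window` neighbouring
    steps to tolerate clock drift, comparing in constant time. A real server
    must also refuse a code it has already accepted (replay) and rate-limit."""
    if for_time is None:
        for_time = int(time.time())
    for delta in range(-window, window + 1):
        expected = totp(secret, for_time + delta * step, step=step, **kw)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


# Shared secret from the test vectors in RFC 4226 Appendix D / RFC 6238 Appendix B.
RFC_SECRET_SHA1 = b"12345678901234567890"

if __name__ == "__main__":
    print(hotp(RFC_SECRET_SHA1, 0))                               # 755224
    print(totp(RFC_SECRET_SHA1, for_time=59, digits=8))           # 94287082
    print(totp(RFC_SECRET_SHA1, for_time=1111111109, digits=8))   # 07081804
```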
3

All of the apps you listed share an algorithm. This allows them to be compatible and largely interchangeable.

However, there are other schemes that appear nearly identical from a user standpoint but do not use the same algorithm. For example, RSA Authenticate uses a proprietary algorithm which is a type of TOTP, but is not compatible with RFC 6238.

TBridges42
  • 223
  • 2
  • 10
0

If each app used its own algorithm, then each site would need to use a particular authenticator app since each site would need to use that algorithm.

In some cases, this does happen. Some sites and services use their own authentication app and base it on the common standards, but you can't always use another app. Steam is an example of this situation, but this is not the common or usual case.

schroeder
  • 123,438
  • 55
  • 284
  • 319
-2

They all use the HOTP algorithm. Before, various proprietary algorithms were used. They seemed to be easy to exploit, so we migrated to open standards.

  • 2
    It is not all HOTP. And what do you mean by "various proprietary algorithms were used. They seemed to be easy to exploit"? What algorithms do you mean? What exploits? – schroeder Aug 09 '21 at 07:25