A developer-focused explanation of authenticator apps, TOTP (RFC 6238), otpauth URIs, time drift handling, and the security properties behind offline 2FA codes.
