🦥 How Do Two-Factor Codes Work?

Hello friends!

Welcome to this week’s Sloth Bytes. I hope you had a fun week.

How Do Two-Factor Codes Work?

You know the drill: you log into a website/app, it asks for your password, and then it demands that six-digit code from your phone. You punch it in, it works, and you move on with your day.

But how does that work? Is it even doing anything?

The Secret Behind the Codes

When you set up 2FA (via Google Authenticator, Authy, etc.), your app scans a QR code.

That QR isn’t just a random blob.

It contains a secret key that is shared between your device and the server, which stores its copy in a database.

But how do those one-time codes work?

Time-Based One-Time Passwords (TOTP)

Most 2FA codes are Time-Based One-Time Passwords or TOTP:

  1. Take the secret key from the QR code.

  2. Combine it with the current time.

  3. Run it through a cryptographic hash (e.g., HMAC-SHA1).

  4. Chop it down to 6 digits, which become the code!

  5. Repeat this, usually in 30-second chunks.

💻 A Mini Example in Python

Here’s an example of how you can generate these codes in Python:

import pyotp, time

# Secret key (The QR that's shared between you & the server)
secret = pyotp.random_base32()

# Generate the 6-digit code (we're using a package because I'm lazy)
totp = pyotp.TOTP(secret)

print("Secret:", secret)
print("Current 2FA code:", totp.now())

# Wait 30s and you'll get a new code
time.sleep(30)
print("Next code:", totp.now())

Run this and you’ll see a fresh code every 30 seconds, exactly like your authenticator app.

Other Types of 2FA

Not all 2FA is TOTP:

  • SMS 2FA: still popular, but less secure (hackers love SIM-swapping).

  • Push-based 2FA: approve a login with a tap.

  • Hardware keys (FIDO/U2F): the gold standard. This is the most secure way.

Thanks for the feedback!

Thanks to everyone who submitted!

Valid Hex Code

Create a function that determines whether a string is a valid hex code.

A hex code must begin with a pound key # followed by exactly 6 characters.

Each character must be a digit from 0-9 or an alphabetic character from A-F. All alphabetic characters may be uppercase or lowercase.

Examples

is_valid_hex_code("#CD5C5C")
output = True

is_valid_hex_code("#EAECEE")
output = True

is_valid_hex_code("#eaecee")
output = True

is_valid_hex_code("#CD5C58C")
output = False
# Length exceeds 6

is_valid_hex_code("#CD5C5Z")
output = False
# Not all alphabetic characters in A-F

is_valid_hex_code("#CD5C&C")
output = False
# Contains unacceptable character

is_valid_hex_code("CD5C5C")
output = False
# Missing #

How To Submit Answers

Reply with

  • A link to your solution (github, twitter, personal blog, portfolio, replit, etc)

  • If you’re on the web version leave a comment!

  • If you want to be mentioned here, please send a submission link not the code!

That’s all from me!

Have a great week, be safe, make good choices, and have fun coding.

If I made a mistake or you have any questions, feel free to comment below or reply to the email!

See you all next week.
