Wouldn't this mean that anybody logging in with an authenticator app and you're username and password would be able to get in?Basically, most of the numbers (if not all) randomly generated by computers aren't actually random, as they rely on things like the clock. So what these apps do is use the same "seed" that the authenticator will want, so they both end up generating the same number.