Ah, so I had it the wrong way around. It's the BTC-e site that gives you the "seed" key for the authenticator. Is that right?
Yes.
I then need to screenshot this "seed key" so that if I lose my device I can set it up on another one.
Correct. Many people forget this step and have difficulties getting access to their account back when they lose their phone or whatever. I have made a habit of printing the page that shows the secret key and then scanning the QR code with my smartphone from the print.
Then I stick that in the authenticator and it replies with another code which I feed back to BTCe (in the same window that it gave me the "seed key"). That tells BTCe that I set the device up correctly. If I set it up wrong, then BTCe will see that the "response" didn't match the "seed key" it gave me.
Yes.
Is that the end of the configuration phase? Are we onto the "use" phase after that?
Yes.
Then BTCe gives me a challenge key at each login - I need to enter that in the authenticator (not any old authenticator, but the one I originally configured with BTCe's "seed" key). The authenticator will give me a response which I then enter in the BTCe login.
No, the code you enter to log in is calculated using only 2 bits of information:
- the secret key you entered in the configuration phase.
- the current time (in blocks of 30 seconds).
These two pieces of data are combined and hashed in a specific way to yield a 6-digit number that you use to log in. There is no challenge from BTC-e. When you log in, instead of just entering your email and password, you also have to enter the 6-digit number that changes every 30 seconds.
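
The calculation described in the reply above, as an added example that is not part of the original posts and is not BTC-e's code. It assumes the standard TOTP scheme (RFC 6238 with HMAC-SHA1) that common authenticator apps implement; the function names, the one-block drift window and the sample secret (the RFC 6238 test key) are choices made for this example.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per time block, as described in the post
DIGITS = 6   # length of the login code

# Constructed sample secret: the RFC 6238 test key, base32-encoded the way
# authenticator apps expect it. Not a real account secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time):
    """Return the 6-digit code for the 30-second block containing unix_time."""
    # Sites often display the secret in groups, lowercase, without padding.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = int(unix_time) // STEP                  # time in 30 s blocks
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, submitted, unix_time, drift_steps=1):
    """Server side: accept the code for the current block or a neighbour."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * STEP)
        # Constant-time comparison, and no early exit on a match.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    now = time.time()
    code = totp(SAMPLE_SECRET, now)
    print("code for this 30 s block:", code)
    print("server accepts it:", verify(SAMPLE_SECRET, code, now))
```

Both sides run the same function on the same secret and clock, which is why no challenge has to travel from the site to the device and why a lost secret key means a lost second factor.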