From db51aaecb2e2770c3d4a24c88e4b3486b7169838 Mon Sep 17 00:00:00 2001 From: KyleDOT Date: Mon, 1 Jul 2024 16:57:17 +0930 Subject: [PATCH] Fixing another apostrophe --- blog/2024-06-07_MFA-i.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blog/2024-06-07_MFA-i.html b/blog/2024-06-07_MFA-i.html index 7715757..8545ae7 100755 --- a/blog/2024-06-07_MFA-i.html +++ b/blog/2024-06-07_MFA-i.html @@ -14,7 +14,7 @@

Reading the below plot so far, the couple with the highest occurrences are 67 and 15 with 4 each. For doubles there are 3 appearances of 33 and 2 for each of 44, 55, 66, 99. Adjacent numbers we have the 67, and 3 appearances of 54, and 2 of 21 and 87.

Data graph

I suppose the actual number isn't actually what is important to security, just that it's another layer of security, so even if the numbers are weighted to more friendly and easy to enter, bad actors will still need the user's device or convince the user to tell them the number. Just as long as you can't predict the next number with certainty when the current expires, it doesn't really matter how random the number is, just random enough that the next can't be predicted.

-

Note: I also believe this is true of a 6 digit I use regularly as (again anecdotally) I've picked up what I believe are patterns, unpredictable but still user friendly. I figured I track the 2 digit as it's easier to keep track of. Not all MFA would use the same number generation so some might be a more 'true' random while others like the one I’m plotting may be weighted.

+

Note: I also believe this is true of a 6 digit I use regularly as (again anecdotally) I've picked up what I believe are patterns, unpredictable but still user friendly. I figured I track the 2 digit as it's easier to keep track of. Not all MFA would use the same number generation so some might be a more 'true' random while others like the one I'm plotting may be weighted.

I've made this 'Part I' as I wish to return to my theory and findings once I have more data.