KyleDOT/kyledot.net
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixing apostrophes

Browse Source
This commit is contained in:
KyleDOT 2024-06-17 20:17:18 +09:30
parent ccbbb06672
commit f81e6bb031
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
blog/2024-06-07_MFA-i.html
View File

@ -10,12 +10,12 @@
<h3>2024-06-07</h3>
</div>
<div class="blog_body">
<p>Anecdotally I kept seeing certain numbers and patterns showing up in a 2 digit MFA that I regularly use, notably double or adjacent numbers, so I started plotting them out, while I only have 80 data points from the last couple months. I believe its slowly confirming my theory, could still be coincidence is at play with the low amount of data compared to the 90 possible outcomes, but if not Im curious to as why they arent a fair random.</p>
<p>Anecdotally I kept seeing certain numbers and patterns showing up in a 2 digit MFA that I regularly use, notably double or adjacent numbers, so I started plotting them out, while I only have 80 data points from the last couple months. I believe it's slowly confirming my theory, could still be coincidence is at play with the low amount of data compared to the 90 possible outcomes, but if not I'm curious to as why they aren't a fair random.</p>
<p>Reading the below plot so far, the couple with the highest occurrences are 67 and 15 with 4 each. For doubles there are 3 appearances of 33 and 2 for each of 44, 55, 66, 99. Adjacent numbers we have the 67, and 3 appearances of 54, and 2 of 21 and 87.</p>
<img src="media\MFA-i.png" alt="Data graph" class="img_center">
<p>I suppose the actual number isnt actually what is important to security, just that its another layer of security, so even if the numbers are weighted to more friendly and easy to enter, bad actors will still need the users device or convince the user to tell them the number. Just as long as you cant predict the next number with certainty when the current expires, it doesnt really matter how random the number is, just random enough that the next cant be predicted.</p>
<p>Note: I also believe this is true of a 6 digit I use regularly as (again anecdotally) Ive picked up what I believe are patterns, unpredictable but still user friendly. I figured I track the 2 digit as its easier to keep track of. Not all MFA would use the same number generation so some might be a more true random while others like the one Im plotting may be weighted.</p>
<p>Ive made this Part I as I wish to return to my theory and findings once I have more data.</p>
<p>I suppose the actual number isn't actually what is important to security, just that it's another layer of security, so even if the numbers are weighted to more friendly and easy to enter, bad actors will still need the user's device or convince the user to tell them the number. Just as long as you can't predict the next number with certainty when the current expires, it doesn't really matter how random the number is, just random enough that the next can't be predicted.</p>
<p>Note: I also believe this is true of a 6 digit I use regularly as (again anecdotally) I've picked up what I believe are patterns, unpredictable but still user friendly. I figured I track the 2 digit as it's easier to keep track of. Not all MFA would use the same number generation so some might be a more 'true' random while others like the one Im plotting may be weighted.</p>
<p>I've made this 'Part I' as I wish to return to my theory and findings once I have more data.</p>
</div>
</div>
<footer>