kyledot.net/blog/2024-06-07_MFA-i.html
2024-06-16 21:39:03 +09:30

<!DOCTYPE html>
<html>
<head>
<title>Kyle's Blog</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="blog_head">
<h1>MFA &amp; Randomness - Part I</h1>
<h3>2024-06-07</h3>
</div>
<div class="blog_body">
<p>Anecdotally, I kept seeing certain numbers and patterns showing up in a 2-digit MFA that I regularly use, notably double or adjacent numbers, so I started plotting them out. While I only have 80 data points from the last couple of months, I believe it's slowly confirming my theory. Coincidence could still be at play, given the low amount of data compared to the 90 possible outcomes, but if not, I'm curious as to why they aren't a fair random.</p>
<p>Reading the below plot so far, the pair with the highest occurrences are 67 and 15, with 4 each. For doubles, there are 3 appearances of 33 and 2 for each of 44, 55, 66 and 99. For adjacent numbers, we have the 67, 3 appearances of 54, and 2 of 21 and 87.</p>
<img src="media/MFA-i.png" alt="Data graph" class="img_center">
<p>I suppose the actual number isn't actually what is important to security, just that it's another layer of security, so even if the numbers are weighted to be more friendly and easy to enter, bad actors will still need the user's device or need to convince the user to tell them the number. Just as long as you can't predict the next number with certainty when the current one expires, it doesn't really matter how random the number is, just random enough that the next can't be predicted.</p>
<p>Note: I also believe this is true of a 6-digit one I use regularly, as (again anecdotally) I've picked up what I believe are patterns, unpredictable but still user friendly. I figured I'd track the 2-digit one as it's easier to keep track of. Not all MFA would use the same number generation, so some might be a more true random while others, like the one I'm plotting, may be weighted.</p>
<p>I've made this Part I as I wish to return to my theory and findings once I have more data.</p>
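<p>Added example (not part of the original post and not the author's data): a Python check of what a fair generator would produce for the figures quoted above. It assumes codes are drawn uniformly from 10 to 99 (the post's 90 outcomes) and uses 11 as the doubles total, which is only the sum of the double counts listed in the post, so it is a lower bound.</p>

```python
import random
from collections import Counter
from math import comb

CODES = range(10, 100)   # assumption: the 90 two-digit codes, all equally likely
N_OBS = 80               # number of observations reported in the post

def is_double(c):
    """True for 11, 22, ..., 99."""
    return c // 10 == c % 10

def is_adjacent(c):
    """True when the two digits differ by exactly one (67, 54, 21, ...)."""
    return abs(c // 10 - c % 10) == 1

def binom_tail(n, p, k):
    """Exact P(X >= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k, n + 1))

def null_model(trials=20000, seed=1):
    """Simulate a fair generator: fraction of 80-draw runs in which
    at least one code shows up four or more times."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        counts = Counter(rng.choice(CODES) for _ in range(N_OBS))
        if max(counts.values()) >= 4:
            hits += 1
    return hits / trials

P_DOUBLE = sum(map(is_double, CODES)) / len(CODES)      # 9 of 90 codes
P_ADJACENT = sum(map(is_adjacent, CODES)) / len(CODES)  # 17 of 90 codes

if __name__ == "__main__":
    print(f"expected doubles in {N_OBS} draws:  {N_OBS * P_DOUBLE:.1f}")
    print(f"expected adjacent in {N_OBS} draws: {N_OBS * P_ADJACENT:.1f}")
    # 11 = 3 + 2 + 2 + 2 + 2, the double counts listed in the post (lower bound)
    print(f"P(>= 11 doubles | fair):           {binom_tail(N_OBS, P_DOUBLE, 11):.3f}")
    print(f"P(some code seen >= 4 times | fair): {null_model():.3f}")
```

<p>Comparing the printed values with the counts in the plot shows how far the observed doubles, adjacent pairs and repeat counts sit from what uniform sampling alone would give at this sample size.</p>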
</div>
</div>
<footer>
<p><a href="https://kyledot.net/blog/home">Return to blog home</a></p>
<p>Made by Kyle - Last updated: 2024-06-16</p>
</footer>
</body>
</html>