Skip to main content

Just How Random Are Two Factor Authentication Codes?

posted onApril 22, 2018
by l33tdawg

You know two-factor authentication tokens, the ephemeral, six-digit numbers you use as a second layer of security when logging into, say, your email? Those constantly updating, randomly generated numbers are one of the easiest ways to protect your accounts from being hacked. But for some time now, I've harbored a pet conspiracy theory about those codes: Maybe they aren't as random as we're led to believe.

It began with an observation: My codes often seem to include elements that make them easier to remember. Elements like single-digit repeats (111 293; 134 441); multi-digit repeats (112 222); palindromes (353 595); ascending or descending sequences (345 564); repeating number order (618 514); and combinations thereof (876 565). Occasionally I'll get lemons, like 031 472 or 253 741, which are less appealing in an (admittedly vague) aesthetic sense and more difficult to remember. But more often than not, the passcodes that appear in my Google Authenticator app seem tailored to reduce the cognitive burden of storing them in my working memory, the short-term storage bin our brains use to stash information for a few precious seconds before forgetting it forever.

Source

Tags

Encryption

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th