Is this reset mechanism conceptually flawed? Even with one attempt before invalidating the code, you have a 1:999,999 shot of stealing someone's account by lotto. Not bad odds for an automated process.
It's like every account on Instagram has an alternative six-digit password.
You are right. Betting everything on a 6-digit code surely is a mistake. For example, try the same code on a million different accounts, and you definitely get access to at least 1 of them. (Considering they are using a good random generator.)
Sony was using 8 characters of alphanumeric at one point. They reduced it to 6 digits. It turns out that the chance of guessing six digits successfully given one or two tries only is low enough to satisfy human beings when it comes to “annoyance versus protection”, especially when codes expire after a couple attempts.
Yeah, that is if they limit attempts and put code expiry in place, which Instagram did not have, and it's also missing warning systems for users as well as a temporary locking mechanism for such a feature if fraud is detected by the user.
Those limits are more important to personalities than a lambda user.
The problem with alphanumeric is you have people from foreign countries who do not even have an English keyboard installed on their phone. The default is probably their native language and they do not care to add a secondary or switch.
mkagenius|6 years ago
SifJar|6 years ago
floatingatoll|6 years ago
raws|6 years ago
throwaway66666|6 years ago
Numeric values solve that problem.
edit: drunk typing
unknown|6 years ago
[deleted]
thefreeman|6 years ago
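
The controls the thread keeps returning to (code expiry, a cap on attempts, single use), together with the odds of a guess landing somewhere across many accounts, as an added example that is not part of the original thread or any Instagram or Sony code. `ResetCodeStore`, `spray_success_probability`, the in-memory dictionary and the default limits are hypothetical choices made for illustration.

```python
import hmac
import secrets

CODE_SPACE = 10**6  # six-digit codes, as discussed in the thread


class ResetCodeStore:
    """In-memory reset codes with expiry, an attempt cap and single use."""

    def __init__(self, ttl_seconds=600, max_attempts=2):  # assumed defaults
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self._pending = {}  # account -> [code, expires_at, attempts_left]

    def issue(self, account, now):
        # CSPRNG output, zero-padded so every code really has six digits.
        code = f"{secrets.randbelow(CODE_SPACE):06d}"
        # Issuing again replaces any older code for the same account.
        self._pending[account] = [code, now + self.ttl, self.max_attempts]
        return code

    def verify(self, account, guess, now):
        entry = self._pending.get(account)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if now > expires_at:
            del self._pending[account]  # expired: drop it
            return False
        # Constant-time comparison on bytes (also accepts non-ASCII input).
        ok = hmac.compare_digest(code.encode(), str(guess).encode())
        if ok or attempts_left <= 1:
            del self._pending[account]  # used, or attempt budget spent
        else:
            entry[2] = attempts_left - 1
        return ok


def spray_success_probability(accounts, attempts_per_account=1):
    """Chance that at least one of `accounts` is guessed correctly when each
    gets `attempts_per_account` distinct guesses against a uniform code."""
    p_single = min(attempts_per_account / CODE_SPACE, 1.0)
    return 1.0 - (1.0 - p_single) ** accounts
```

The second function shows why a per-account attempt cap does not bound the aggregate risk on its own: the result grows with the number of accounts tried, so the request rate per source and overall has to be limited as well.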