Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

2 factor authentication - optimum length of code?

  • 11-01-2015 1:37pm
    #1
    Reesy
    Registered Users, Registered Users 2 Posts: 716 ✭✭✭


    Hi,

    In the last week I've signed into a bunch of accounts using 2-factor authentication. For the second factor I've had a PIN sent to me by SMS:
    - One Irish telco use 4 digits
    - One webmail provider used 6 digits
    - And this morning a cloud application used 7 digits.

    One might argue that the more valuable the data accessed, the longer the string needs to be - but surely in practice, 6 digits are always enough because the 2-factor PIN shouldn't allow more than a few retries?


Comments

  • #2
    hmmm
    Registered Users, Registered Users 2 Posts: 11,205 ✭✭✭✭hmmm


    The PINs would also have an expiry time set, and most will have brute force protection. All these factors would feed into an optimum length of code, depending on the risk assessment and the sensitivity of what was being protected.


  • #3
    obsidianclock
    Closed Accounts Posts: 158 ✭✭obsidianclock


    Reesy wrote: »
    Hi,

    In the last week I've signed into a bunch of accounts using 2-factor authentication. For the second factor I've had a PIN sent to me by SMS:
    - One Irish telco use 4 digits
    - One webmail provider used 6 digits
    - And this morning a cloud application used 7 digits.

    One might argue that the more valuable the data accessed, the longer the string needs to be - but surely in practice, 6 digits are always enough because the 2-factor PIN shouldn't allow more than a few retries?

    I think you're right Reesy, provided no more than a few retries are allowed, I would say six digits are more than enough.


Advertisement