[WEB SECURITY] New two-stage login procedure

Gervase Markham gerv at gerv.net
Wed Dec 13 14:14:46 EST 2006


Brian Eaton wrote:
> On 12/13/06, Brian Eaton <eaton.lists at gmail.com> wrote:
>> They ask for three digits, so there
>> are 1000 possibilities.
> 
> <blush>
> 
> I can't count.  They ask for three digits, but order doesn't matter.
> Assuming they won't ask for you to enter the same digit multiple
> times, there are 120 possibilities, not 1000.

Order does matter. That is, they may ask for them in a random order, but 
you still have to put the 3rd one in the box marked "3rd", and so on - 
you can't put it in the box marked "2nd". So it's 1000 possibilities, 
not 120.

Gerv

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list