|
Ravi Bhavnani wrote: I think they would need to be persisted to a database due to the challenge of maintaining a large in-memory store across geographical boundaries.
I was thinking about this myself and there is a way around it that isn't that difficult -- a solution that makes it so they never have to store codes.
1. They could generate SHA-256 hashes based on time and some other salt.
2. Then they can either:
2a. return 6 chars of the SHA-256 (from anywhere within the 64 character hex-based hash) -- this would be the code that the user would type into the form to verify. Later the server side would just generate the hash again and match to the 6 chars that the user typed.
2b. or calculate a number from the SHA-256 hash
The point here is that they use a reproducible method for generating a SHA-256 hash so that they don't have to store values anywhere.
Since these codes would expire within 10 minutes it is unlikely a hacker could recreate the hashes in time anyways.
There are definitely ways -- that aren't that difficult -- so they don't have to store these codes in a db.
It would be very similar to the old key fobs used for VPN sign-on. See image.
Here's a wiki article about them: RSA SecurID - Wikipedia
The vulnerability is a man-in-the-middle attack, but that is true for the other codes too.
modified 6-Mar-24 13:27pm.
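The stateless scheme described in the post above, as an added example that is not part of the original post or any vendor's code: it follows option 2b, with HMAC-SHA-256 under a server-side secret standing in for the "time and some other salt" hash. The names `derive_code`, `issue_code` and `verify_code`, the per-user binding and the demo secret are assumptions of this example.

```python
import hashlib
import hmac

WINDOW_SECONDS = 600   # the 10-minute lifetime mentioned in the post
CODE_DIGITS = 6

def derive_code(secret: bytes, user_id: str, window: int) -> str:
    """Option 2b: turn a SHA-256-based hash into a 6-digit number."""
    # HMAC-SHA-256 keyed with a server-only secret stands in for
    # "SHA-256 of time and some other salt" (assumption of this example).
    msg = f"{user_id}|{window}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    number = int.from_bytes(digest[:8], "big") % 10 ** CODE_DIGITS
    return f"{number:0{CODE_DIGITS}d}"

def issue_code(secret: bytes, user_id: str, now: float) -> str:
    """Code for the time window that contains `now` (seconds)."""
    return derive_code(secret, user_id, int(now) // WINDOW_SECONDS)

def verify_code(secret, user_id, submitted, now, accept_previous=True) -> bool:
    """Recompute instead of looking up; nothing is stored per code."""
    current = int(now) // WINDOW_SECONDS
    # A code issued at 09:59 of a window would otherwise die one second later,
    # so the previous window is accepted too (lifetime becomes 10-20 minutes).
    windows = [current, current - 1] if accept_previous else [current]
    ok = False
    for w in windows:
        expected = derive_code(secret, user_id, w)
        # compare_digest avoids leaking matching-prefix length through timing
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

if __name__ == "__main__":
    SECRET = b"constructed-demo-secret"      # constructed value
    code = issue_code(SECRET, "alice", now=599)
    print(code, verify_code(SECRET, "alice", code, now=601))
    # Stateless means replayable: the same code verifies again in its window.
    print(verify_code(SECRET, "alice", code, now=602))
```

Because nothing is stored, the same code verifies repeatedly until its window passes; rejecting a second use needs at least a short-lived record of consumed codes.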
|
|
|
|
|
The database is of codes that were used. They are expired.
|
|
|
|
|
Joe Woodbury wrote: The database is of codes that were used. They are expired.
oh, what!?! How do those expired codes matter?
I'm completely confused!
|
|
|
|
|
Forbes wrote: Security experts advise against using SMS messages for two-factor authentication codes due to their vulnerability to interception or compromise
I am more for: The problem is not the SMS per se, the problem is the way the codes are generated and validated and the SIM duplication / phone clone (vendors fault)
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
The Lost Universe offers a free deep-space adventure that can be adapted to your favorite TTRPG system.
Roll D20 to launch
|
|
|
|
|
Kent Sharkey wrote: Roll D20 to launch
and 5D20 to land (and stay straight)
M.D.V.
|
|
|
|
|
Why do we spend so much time on a process nobody wants? If you’re doing it right, the performance review process should be unnecessary.
No one *needs* them
Middle management *wants* them, because it gives them an actual purpose in life.
modified 8-Mar-24 12:26pm.
|
|
|
|
|
Exactly. Everyone is being reviewed every day.
|
|
|
|
|
Kent Sharkey wrote: No one *needs* them
Totally agree.
At least mine (this week) went well for me
M.D.V.
|
|
|
|
|
My employer's hyper-active HR department, minds stuck in the 1980's, requires quarterly reviews for everyone, from both exempt professionals and non-exempt employees.
There are no solutions, only trade-offs. - Thomas Sowell
A day can really slip by when you're deliberately avoiding what you're supposed to do. - Calvin (Bill Watterson, Calvin & Hobbes)
|
|
|
|
|
Quarterly reviews? That is bad.
|
|
|
|
|
The answer to "Why" is so that HR Departments have an excuse for existing to the extent they are today. When HR depts first became a thing you only needed 1 maybe 2 people b/c all they did was take care of hiring/firing paperwork. In order to justify why an HR dept. like where I work consists of 10 women, it must have many more duties and responsibilities so the primarily female run HR Depts everywhere came up with new annoying means to justify their existence like these evaluations.
|
|
|
|
|
I'm intrigued by why you feel it necessary to call out the gender preference in your particular HR department - sounds like a sexist jibe. How ironic on International Women's Day!
Our primarily male HR department would have you on a disciplinary for that.
|
|
|
|
|
This thread is heading in a troubling direction. Disperse.
Locked.
Thanks,
Sean Ewington
CodeProject
|
|
|
|
|
Here it's not middle management or even the execs but the HR dept that is responsible for these unbelievably dumb reviews we have to do annually. Within the IT dept every employee (who still works here) always gets the exact same review and I can guarantee you both the employees filling out their part and their supervisor doing his spend as little effort as they can on these things.
|
|
|
|
|
Google today took aim at the SEO industry which has gamified search rankings to destroy the value of Google Search results.
Barn door closed? Check. Now, where's the horse?
|
|
|
|
|
Article wrote: which has gamified search rankings to destroy the value of Google Search results.
So... looks like the crap is starting to be noticed in the revenues... if not, why would they even care after so much time?
Additionally I wonder... will they work through or cancel it next week?
M.D.V.
|
|
|
|
|
For software teams, the pressure is on to adapt. Someone has to make sure the AI-generated code actually works
|
|
|
|
|
Quote: Thanks to AI, the coder is no longer king: All hail the QA engineer
Yeah, right...
We see it every day around the industry.
M.D.V.
|
|
|
|
|
Quantum computing has very few practical applications, but Google will pay you millions to figure some out.
And then some magic happens. (I'll send my deposit information separately)
|
|
|
|
|
Get government grants.
Where's my money?
|
|
|
|
|
Kent Sharkey wrote: And then some magic [^] happens FTFY
M.D.V.
|
|
|
|
|
Willison: "No model has beaten GPT-4 on a range of widely used benchmarks like this."
This week's delivery from the AI of the Week Club
|
|
|
|
|
By human, we mean that stoner in the corner...
- or -
We plagiarize better than GPT-4.
|
|
|
|
|
Joe Woodbury wrote: We plagiarize better than GPT-4.
You only need to look at our moderation queue and the S&A forum
M.D.V.
|
|
|
|