Answer the question
In order to leave comments, you need to log in
Is it possible to implement two-factor authentication in the head?
An idea came up, and I immediately thought that I wasn’t the only one who thought about it, but I couldn’t find a ready-made solution, it’s either not necessary or not possible.
The essence of the idea is to use as a second "factor" simple manipulations in the mind. But I have never seen a fairly simple algorithm.
So far I have not come up with anything better than addition as a hash in my mind:
The server and the user know the numeric pincode
After entering the password, the server asks to add three random digits from the pincode and compares with its own result.
The pincode is not transmitted and does not leave the user's head.
If you implement such a simple system, then you need to at least calculate the required number of authorizations before the pincode can be completely restored. (how many attempts it takes to pick it up)
I have a feeling that someone has already done something like this, or it simply does not make sense, since it will be possible to sort through all the options while a person adds up 1 + 2 + 3 for the first entry ...
Answer the question
In order to leave comments, you need to log in
It doesn't make sense for two reasons.
1. Easy to open.
2. Even if you do not know the PIN, the probability of selection is too high.
The second is due to the fact that we have numbers from 0 to 9 - which means that the sum of three will be in the range from 0 to 27. What about the first? If we have N digits, the code is restored in N linearly independent linear combinations. For example, we don't know c and d, but the combinations 2a+b, a+2b and a+b are linearly dependent, and if any two combinations are revealed, the third one will also be revealed. To do this, we need to solve the system of linear algebraic equations:
{ 2a + b = 10
{ a + 2b = 11
Hence a = 3, b = 4, and a + b = 7.
The idea of "proving knowledge of the password without revealing the password itself" is poorly implemented on human brains. A person cannot quickly carry out complex (crypto-resistant) calculations in his mind. And everything that is easy to count in the mind, either easily allows you to calculate the password, or makes it more likely to pass the test by accident, without knowing the password.
At one time there was such an interesting implementation, but it needs a lot of "request-response" series.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question