Even if it didn’t outright display the code you need to enter, my guess is this and similar implementations hide further vulnerabilities like: the numbers aren’t generated with a secure random number generator, or the validation call isn’t resistant to simple brute force quickly guessing every possible number, or the number is known client side for validation, etc.
Even if it didn’t outright display the code you need to enter, my guess is this and similar implementations hide further vulnerabilities like: the numbers aren’t generated with a secure random number generator, or the validation call isn’t resistant to simple brute force quickly guessing every possible number, or the number is known client side for validation, etc.
what if 435841 is the most secure 6 digit numerical code?
why use another?
I use the random number 4, I even rolled a dice to get a real random number instead of those “pseudo” random numbers. (XKCD?)
https://xkcd.com/221/
It probably just always displays the one code.
Yep. There’s going to be some absolutely massive breach at some point that hurts a lot of people.