Do registration codes need expiry?

I work on an application where users are sent a unique registration code in the post. They use this, along with other personal information known to the user, to confirm the identity of the user upon creating a new account.

Does the unique registration code sent in the post need an expiry time (like after 30 days)?

The argument that has been made to me is that if there is no expiry then a fraudster has longer to collate the personal information about the intended user to confirm identity. Therefore, they argue that adding an expiry decreases the likelihood of fraudsters creating an account posing as the intended user.

However, if that’s the case, I would imagine that having an expiry would make no difference. If a fraudster has intercepted this mail then the individual has been personally targeted and the fraudster would be able to obtain the personal information to request another code?

Adding two BCD codes

Why is the correction I showed on the picture there? I was taught that I have to do a correction when the digit is bigger than 9, and it isn’t.

Does it have anything to do with the fact that I carried a number from there to the next digit? But then I was taught that in BCD code I cannot say if a correction is needed based on the carry; I can only do that in Excess-3 code.

I am getting very confused with those things, and if somebody has one good place where I can get some info about subtracting those numbers, I would appreciate that. I can find many places but none of them are complete and somehow they are all different.

Should captcha or verification codes be case sensitive?

As I have come across many verification codes, the most annoying thing in them is when you write all the letters of the code in lower case and the code is rejected, saying it’s not valid. Some codes are accepted and some are not. And the user has no idea if they are case sensitive or not before actually submitting and validating it. Given the curvy, hardly recognisable characters in the codes, not making users aware of case sensitivity could annoy them more and bring down the UX.

So what would be the ideal way to deal with this?

How can I create 10-character, unique codes with no collisions, but without being predictable?

If we are using numbers and letters, there are 36^10 unique combinations. Collision is already unlikely, but I need it to be impossible, so using hashing is out of the picture(?).

The use-case is users redeeming each one, if they have been “activated” as redeemable. Think like Webkinz codes.

An inefficient solution would be to generate all of them at once, have a property on each saying whether it has been activated or not, and keep a pool of those that have been redeemed and those that haven’t.

Keeping a database of 36^10 codes just because I can’t come up with a clever algorithm is pissing me off, so I’m here for your help.

Any ideas?

How do RF remote clones manage to clone rolling codes?

I wanted to clone my garage door remote to learn more about IoT security in particular so I read a lot about rolling codes, and the more I read the more I am convinced there is no way to actually clone any rolling/hopping code remote even with its master key (seed value or encrypting key) – there are many algorithms out there to derive the next values for a given synchronisation counter and seed value/encrypting key.

And yet! The so-called “universal remotes” manage to clone rolling-code remotes when fed the master key in addition to the button signal… How is that possible? Do they use a very common encrypting device and just assume that the majority of remotes out there use the same algorithm (I stumbled upon the HCS301 during my research, maybe Keeloq is the most widespread?)?

Do we have data about how elders use QR codes?

I’m designing an app, and someone has defined that they want the user to log in using a QR code on their mobile and show it to a camera that will recognise them and allow them access.

Our persona is an elder woman, from 60 to 80, not very comfortable with technology. And I’m pretty scared that users will drop if they don’t understand the flow:

1. Open the app
2. Locate the QR
3. Show it to the camera.

So, do we have data about how elder users use QR codes? (In my company user testing is not well received, so unfortunately we can’t run tests.)

Thanks!

Is it possible to only receive in-app codes (no text messages) in Authy?

I’ve heard that in-app codes are generally more secure than codes sent over SMS, which can theoretically be intercepted. If this is true, then is there any way to ensure that Authy only delivers codes to you through the Authy app, rather than SMS/text message? On a similar note, is it possible to force Authy to only use Touch ID for unlocking the app, instead of giving you the option of using both Touch ID and a PIN?

Google SMS verification codes broken on a loop – should I be concerned?

So this is a little out of the ordinary. Not sure what to make of it. I’ve enabled 2-Step Verification on a Google account.

When opening mail or other G-related services, it sends an SMS (text message) to my cell, with a code. That code is used to complete the login to the mailbox… But obviously you already knew that!

A few weeks back, a few minutes after a successful login, I received the same code again. Figured it was a cell provider glitch. Then again. And again the same code. So on for a day or so... weird, but didn’t think more of it, life goes on.

Except that now every time I log in to Google, the same happens, which is concerning.
I ruled out the phone itself as a cause (iPhone): it’s in good health, recently restored to factory settings, and the glitch is only with codes from Google.

I’ve made an illustrated screenshot, with timestamps visible... see for yourself 🙂

For clarity: while receiving the SAME code again I’m still logged in and experience no disruption on the web.

From the Google help:
Note: If you received multiple verification codes, only the newest one will work. If you requested multiple verification codes, keep in mind that it might take some time for the latest code to arrive.

Usually when you request a code again, it’s supposed to send a new one, so doesn’t look like someone is trying my account over and over again.

Any of you smarties have a clue what might be in play?

How To Install Responsive Google Adsense Ad Codes On AMP Blogs

Google AMP has been trending a lot lately, and thousands of bloggers are switching to AMP responsive templates every day. Using an AMP-supported website gives you a shot at ranking higher in search results and also aids a better user experience.

But AMP does not support the normal Google Adsense ad implementation, which might lower your Adsense earnings. So today I’ll be discussing how to install Google Adsense ad codes on AMP responsive Blogger blogs.