Posts tagged ‘PIN’

When Math Falls into the Wrong Hands

My brother-in-law recently forwarded an email that contained a lot of images plucked from various degenerate corners of the internet, and he suggested that this one could go into my next book:

image of a handwritten note, with a definite integral given as the PIN code for an ATM card

I suppose it’s funny enough, and I guess it’s technically a math joke, but there’s a problem.

It doesn’t work.

I know, I know. Most people just read the joke, get the humor that the note’s author has used some odious expression to represent the PIN code, and go on about their day. Plus, I’ve heard that less than 1% of the world’s population has taken calculus, so there aren’t too many people who could actually check the math. Not to mention, how many of them would care enough to do so?

Uh… I can think of at least one person who cares enough.

Venn diagram with circle for knows calculus, another circle for cares about the math in jokes, and contains the author's image in the intersection

While it’s certainly egotistical to think that I’m the only one in the intersection, it’s likely offensive to include anyone in the intersection who really wouldn’t want to be. So apologies to Matt Parker, Des McHale, Colin Adams, Ed Burger, or any of the other funny math folks who think they should have been included.

Anyway, where was I? Oh, right. Bad math.

The definite integral in the joke sent by my brother-in-law doesn’t yield a four-digit positive integer.

calculation from Wolfram Alpha showing the value of a definite integralIn fact, it yields a very irrational number with a lot of digits:

-2.58208625277854512796640677001459519299166472798789689499…

So unless the PIN code for that bank card has an infinity of digits, well, this is going to be problematic.

I propose, instead, that the joke be rewritten to use the following:

definite integral of x-squared dx from 1 to 19Would it be less funny? Probably. But at least it’d be accurate.

Not to mention, it would be a significantly more fair to Darling. Honestly, no one should ever have to do integration by substitution.

February 25, 2019 at 7:31 am 2 comments

My Insecurity Over Security Codes

Every time I attempt to access one of my company’s applications via our single sign-on (SSO) system, I’m required to request a validation code that is then sent to my smartphone, and then I enter that code on the login page.

It’s a minor nuisance that drives me insane.

The purpose of the codes are to provide an additional level of security, but given how un-random the codes seem to be, it doesn’t feel very secure to me. This screenshot shows some of the codes that I’ve received recently:

Verification Codes

Here’s what I’ve observed:

  • Every security code contains 6 digits.
  • The first 3 digits in the code form either an arithmetic or geometric sequence, or the first 3 digits contain a repeated digit.
  • Similarly, the last 3 digits in the code form either an arithmetic or geometric sequence, or the last 3 digits contain a repeated digit.

As an example, one of the codes in the screenshot above is 421774. The first 3 digits form the (descending) geometric sequence 4, 2, 1, and the digit 7 appears twice in the second half of the code.

I believe the reason for these patterns is to make the codes more memorable to those of us who have to transcribe them from our phones to our laptops.

This got me thinking. The likelihood of someone correctly guessing a six-digit code is 1 in 1,000,000. But what is the likelihood that someone could correctly guess a six-digit code if it adheres to the rules above?

If you’d like to answer this question on your own, stop reading here. To put some space between you and my solution, here’s a security-related joke:

“I don’t understand how someone stole my identity,” Lily said. “My PIN is so secure!”

“What’s your PIN?” Millie asked.

“The year of Knut Långe’s death,” Lily replied.

“Who is Knut Långe?”

“A King of Sweden who usurped the throne from Erik Eriksson.”

“And what year did he die?”

“1234.”

(Incidentally, Data Genetics reviewed 3.4 million stolen website passwords, and they found that 1234 was the most popular four-digit code. The researchers claimed that they could use this information to make predictions about ATM PINs, too, but I don’t think so. All this shows is that 1234 is the most commonly stolen password, and therefore this inference suffers from survivorship bias. Without having data on all the codes that were not stolen, it’s impossible to make a reasonable claim. But, I digress.)

To determine the number of validation codes that adhere to the patterns I observed, I started by counting the number of arithmetic sequences. With only 3 digits, there are 20 possible sequences:

  • 012
  • 024
  • 036
  • 048
  • 123
  • 135
  • 147
  • 159
  • 234
  • 246
  • 258
  • 345
  • 357
  • 369
  • 456
  • 468
  • 567
  • 579
  • 678
  • 789

But each of those could also appear in reverse (210, 975, etc.), giving a total of 40.

There are far fewer geometric sequences; in fact, only 3 of them:

  • 124
  • 139
  • 248

And again, each of those could appear in reverse, giving a total of 6.

Finally, there are 10 × 9 × 8 = 720 three-digit numbers with no repeated digits, which means there are 1,000 ‑ 720 = 280 numbers with a repeated digit. (Here, “number” refers to any string of 3 digits, including those that start with a 0, like 007 or 092.)

Consequently, there are 40 + 6 + 280 = 326 possible combinations for the first 3 digits and also 326 combinations for the last 3 digits, which gives a total of 326 × 326 = 106,276 possible validation codes.

That means that it would be about 10× more likely for a phisher to correctly guess a validation code that follows these rules than to guess a completely random six-digit code. But said another way, the odds are still significantly against a phisher who’s trying to steal my code. And quite frankly, if someone wants to exert that kind of effort to pirate my access to Microsoft Word online, well, I say, go for it.

August 29, 2017 at 2:12 pm Leave a comment


About MJ4MF

The Math Jokes 4 Mathy Folks blog is an online extension to the book Math Jokes 4 Mathy Folks. The blog contains jokes submitted by readers, new jokes discovered by the author, details about speaking appearances and workshops, and other random bits of information that might be interesting to the strange folks who like math jokes.

MJ4MF (offline version)

Math Jokes 4 Mathy Folks is available from Amazon, Borders, Barnes & Noble, NCTM, Robert D. Reed Publishers, and other purveyors of exceptional literature.

Past Posts

June 2019
M T W T F S S
« Feb    
 12
3456789
10111213141516
17181920212223
24252627282930

Enter your email address to subscribe to the MJ4MF blog and receive new posts via email.

Join 382 other followers

Visitor Locations

free counters