zlacker

[parent] [thread] 1 comments
1. malfis+(OP)[view] [source] 2025-01-05 15:31:54
Oh I know that feeling. We got in hot water because the codes were 6 digits long and security decided we needed to make them eight digits.

We pushed back and initially they agreed with us and gave us an exception, but about a year later some compliance audit told them it was no longer acceptable and we had to change it ASAP. About a year after that they told us it needed to be ten characters alphanumeric and we did a find and replace in the code base for "verification code" and "otp" and called them verification strings, and security went away.

replies(1): >>dfsego+Cl4
2. dfsego+Cl4[view] [source] 2025-01-07 04:14:35
>>malfis+(OP)
Heh. We also got treated to the digit thing. That topic alone was about 30 mins of mtg. time with a vp of eng and 2 seniors in the mtg.
[go to top]