I need to write a generator that will generate an 8-digit number used for a two-factor authentication implementation. Currently I am debating between:
- generating 8 random digits between 0 and 9 and creating a string containing those digits
- generating a random number between 10000000 and 99999999
The only visible difference between the two approaches is that first would allow the first digit to be 0, but I'm not sure if the wider range of the second approach would be more secure.
Both approaches will involve using SecureRandom, unless there is a better approach. I'm using Java 6.
How do most two-factor authentication services generate their codes? Which approach is more secure and/or is considered a better practice, or does it not matter?
Aucun commentaire:
Enregistrer un commentaire