Friend generated a one time password for me, I wrote it down. He generated a new one. He logged in and went about his business. I attempted to log into his account ten minutes later and it worked. So does that mean that the passwords don't have a temporary timer to them? So doesn't that mean that you can randomly guess at someone's "one-time password?" Here is a conversation with a GM. It's a big picture, but to cut it short, he doesn't help. He even stated he had issues with it.
http://img5.imageshack.us/img5/9909/32549464.jpg
So if these passwords never run out of time, and are always active until someone uses it, then isn't it a possibility to simply brute force the password? I am not saying it would be instant, but think about it. There are 6 digits to the number, starting at 000000, to 999999. That means there are 10^6 possibilities of number combinations. To give an example, if you had a two digit number starting at 00 and ending at 99; then there are 100 combinations no? To find out you times the amount of possibilities in the first digit by the amount in the following digits. The first digit can contain 0-9, as in ten numbers; the same thing occurs in the second digit. So 10 x 10 = 100 combinations. So, 6 digits = 10 x 10 x 10 x 10 x 10 x 10 or more easily written as 10^6 (One million possibilities). So either there is only one million possibilites over all of the accounts existent in FFXI and they all can only be used once (which will run out quickly). Or somehow the security token is able to generate a wireless signal and transmit it to a satellite in space which bounces back to Square Enix headquarters. Some people might say that SE and your token generate a password at the same time and when you push the button, it works for only a certain small time. But then how long does the password last for? Because if I recall, SE said it only lasted thirty seconds, but yet I just discussed with a GM that it worked for more than 10 minutes at a time. So If multiple sources are brute force hacking a PoL ID at the same time, does the token even help?
Discuss....