Why does the SMS verification code need to be limited? The explanation found online, that it is for fear of brute-force cracking, is understandable, especially when the verification code is only four bits long.
But why does a token generated by JWT also need a validity period? A token is an encrypted string, which cannot be brute-forced.
Tokens are rarely brute-forced. But capture packets and catch a token that never expires, and it is as good as knowing the account's password.
The system needs to take into account any possible situation to avoid and deal with it effectively. It is unreliable to think that any information from outside is unreliable.
Thinking about it another way, the verification code should exist in the session or in the relevant database; if the verification code does not expire, it will be unexpected.
If the session doesn't expire, it feels like a day.
The enterprise enhances the security of SMS verification by limiting the verification time of SMS and lengthening the verification field. A lengthened SMS authentication code increases the difficulty of brute-forcing it, and anyone who wants to crack it must do so within the valid time of the SMS authentication code, so limiting the validity time of the SMS authentication code is also a means of improving security.
The token is the backend’s basis for authenticating the user’s identity. Once the security is stolen, it’s conceivable to use timeliness to reduce the impact of theft.
1. Saving resources: the server cannot save it permanently, and the server is under pressure.
The security of SMS verification can be improved by limiting the verification time of SMS and lengthening the validation fields. A lengthened SMS authentication code increases the difficulty of brute-forcing it, and anyone who wants to crack it must do so within the effective time of the text message verification code, so limiting the validity time of the SMS authentication code is also a means of improving security.
Sending text messages costs money. A short message costs 2 cents.
The company has a cost of operation.
After all, we live in the physical world.
Prevent malice from malice
Reducing the pressure on server storage
Certainly not. According to Murphy’s law, if there is no validity period, it will be cracked. It is only a matter of time.
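An added example, not from the thread, of the point raised above about a captured token: a minimal HS256 JWT issuer and verifier built on the standard library, where the signed `exp` claim bounds how long a stolen token stays usable and cannot be extended without the key. The key, subject and timestamps are constructed for the demonstration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: server-side HS256 signing key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(sub: str, ttl: int, now=None) -> str:
    """Issue a token that is valid for ttl seconds from now."""
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": sub, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{payload}.{_b64(_sign(header + '.' + payload))}"

def verify(token: str, now=None):
    """Return (claims, "ok") or (None, reason). Signature is checked before exp."""
    now = int(time.time() if now is None else now)
    try:
        header, payload, sig = token.split(".")
        if not hmac.compare_digest(_sign(header + "." + payload), _unb64(sig)):
            return None, "bad signature"
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None, "unexpected alg"
        claims = json.loads(_unb64(payload))
        exp = claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return None, "malformed"
    # A token without exp is rejected: it would be valid forever if captured.
    if not isinstance(exp, int) or now >= exp:
        return None, "expired"
    return claims, "ok"

def extend_expiry(token: str, new_exp: int) -> str:
    """Rewrite exp without the key, as someone holding a captured token might."""
    header, payload, sig = token.split(".")
    claims = json.loads(_unb64(payload))
    claims["exp"] = new_exp
    return f"{header}.{_b64(json.dumps(claims).encode())}.{sig}"

if __name__ == "__main__":
    t0 = 1_700_000_000                        # constructed issue time
    tok = issue("user-42", ttl=900, now=t0)   # 15-minute token
    print(verify(tok, now=t0 + 60)[1])        # inside the window
    print(verify(tok, now=t0 + 901)[1])       # replayed after expiry
    print(verify(extend_expiry(tok, t0 + 10**9), now=t0 + 901)[1])
```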