Ok, goofballs at RSA SECURID. How hard is it to modify the algorithm so the one-time-pad skips any number that looks valid upside down? I know, I know, there are a lot of those on a 7-segment display.
If ∃ proof that OTP is insecure if such numbers are eliminated, I'll shut up.
To their credit, there is a ¼ segment flashing at the far bottom right to indicate that's the bottom, but as a dyslexic I can never remember if it's supposed to be at the top left or the bottom right. Plus it's small.
… aaaand in the time it took me to write the above 500 chars, grab a beverage, & move a load of laundry forward, the bank logged me out — forcing my 5th round of 3FA today!
Is there a security study that investigates constantly logging people out when they are in known secure locations vs. redoing auth (as the latter gives attackers more chances to figure out & possibly catch {2,3}FA information)?
ISTR studies showed changing passwords that weren't compromised made security worse? Is that right?
@bkuhn At this point I'm willing to compromise and provide a seat to PC interface. It can log me out every time I actually stand up, but otherwise leave me be. What drives me bonkers at the moment is not being able to stay logged in long enough to do the job(s) I logged in for even with full attention -- i.e. reconciliations of bank statements against books, or anything that requires going back and forth or gathering info. I cope partly by printing out statements, which has its own risks.
@bkuhn As usual, the Onion is on it https://theonion.com/study-97-of-average-americans-day-spent-retrieving-6-digit-codes/