Encrypt at Source. Decrypt at Destination.

One day, I was wondering how the banking security tokens could be working? 

We know for sure, it’s not an internet related… not at all. Cause when you travel abroad, it still functions, even though you’re completely offline (e.g. airplane mode). 

It works as your personal identifier to the bank, you say a secret-word, and the bank verifies this secret-word according to an algorithm and verify against a secret-key. How did the bank know the phrase, is it pre-stored phrases or numbers? I don’t think so. 

I think what matters to the bank are something like three characters hidden deep within a string.  And all what the security token do, is to generate any string that contains the three characters.

As an example: So if you send “abcd01234” as a verification code to the bank. The bank will only check for the existence of only three characters within the “abcd01234” string (the three characters are c,2,d) if they exist, then it will allow you through, otherwise, you’ll keep guessing words. 

I’ve came up with something that I wanted to use as a Google Analytics filter to completely prevent spam hits from making it to my Google Analytics Reports. The idea is very simple.

I ran the “Challenger Tool” to generate a Secret-Word that is based on three defined characters and associate the value as a custom-dimension value. Then in Google Analytics I checked for these characters using Regular Expressions.