Permutations

My customer's organization allow us to lot into their network using a VPN. This means we do not have to be on site to gain access to needed resources. Normally I work from my company's office. However I also have the ability to connect from home as well.

There is a two phase authentication. First we need to be able to type in our username and password. Then we are challenged with some codes to enter. These codes are based on a set of combinations that are unique to each person. You would think that this was a very strong defense against intrusion. However I found something weird about the secondary layer.

You are told to enter some codes in order. There are only n numbers. If you chose all the combination and permutations of those n numbers, there is a universe of possible choices. However if you restrict the codes so that they must always be in order, you have cut down the problem space of the possibilities significantly.

I am not a Math major. However I bet I could study up a bit and determine exactly how much less secure the ordered code entry is. This is very strange. My customer is a big organization. You would think they would have top notch security. They would most likely blame their security vendor.