Conference:  Global AppSec San Francisco 2022

Authors: Santiago Kantorowicz

2022-11-17

You likely receive OTPs (one-time-passwords) all the time, usually in the form of an SMS with a 4 to 8 digit code in it. Pretty common when you sign-in (or register) to Uber, your bank (usually as a second factor), Whatsapp, etc. The most adopted OTP size is 6 digits, and we just accept that it's hard to guess, after all it's 1 in a million chance, and it's valid just for a few minutes, and leave it there. A few paranoid folks might wonder, what if get a new OTP after the first one expire, they may assume it's another 1 in a million chance, and continue with their life. The truth is that when you calculate the actual chance of guessing an OTP one after the other, the odds are NOT 1 in a million. You will be surprised how the probabilities of guessing spiral once you start thinking of brute forcing OTPs one after the other, and what about parallelising the brute force among different users, the surprise is even bigger.

Conference:  Transform X 2022

Authors: John List

2022-10-19

The presentation discusses the complementarities between AI and behavioral economics, with examples from the speaker's experiences as Chief Economist at Uber, Lyft, and Walmart. The speaker emphasizes the importance of effect identification, architectural nudges, and detection of heterogeneity in using AI to improve the bottom line and make the world better.

• The speaker shares examples of using AI and behavioral economics to improve products and scaling
• Effect identification, architectural nudges, and detection of heterogeneity are important tools in using AI to improve the bottom line and make the world better
• Examples include the economics of apologies at Uber, pricing and wait times at Lyft, and the voltage effect on scaling
• The speaker emphasizes the importance of combining economic theory, field experiments, and AI to identify causal effects and correlations