I think the PIN idea is good, as long as you’re able to tie it to some unique device hardware ID. Then you have a form of two-factor authentication (something you have + something you know). This does limit the end user to only being able to use their PIN with a single active/authorised device though.
Another alternative would be to use a one-time pad or token (e.g. SMS a unique security code for each login).

From: [email protected] [mailto:[email protected]] On Behalf Of Greg Keogh
Sent: Wednesday, 11 November 2015 2:25 PM
To: ozDotNet <[email protected]>
Subject: Re: Mobile passwords

I like how some apps (banking in particular) map the login details to a 4 digit pin on the device. Gets rid of this problem.

Hey Dude, I had a chat with the person managing this app and they said the customer wants to stick with mixed case passwords. So for now, it's reduced to a human problem that's solved by emailing out some instructions to the users. iPads are a bit too slick with the keyboards though, and case changing does require caution. Although I think my iOS might be a bit old and I vaguely recall reading that Apple recently changed the behaviour slightly.

In future though I'm going to remember this problem and consider using PINs where it's suitable.

GK
