We haven't mentioned context!
ATMs and some mobile apps use PINs, because they have more limited input
methods. Entering a secure, 10 digit password is tough without a full
keyboard. The 9 digit keypad provides a simple and accessible method of
entry, but we have to secure the PIN by adding
PINs aren't actually that secure. They can be easily compromised in
all sorts of ways, do a search for ATM pin vulnerability or ATM pin
theft for gory details.
--
J. E. 'jet' Townsend, IDSA
Designer, Fabricator, Hacker
design: www.allartburns.org; hacking: www.flatline.net; HF: KG6ZVQ
PGP:
They are only secure enough because you can't easily write a program
to automatically run through them in the physical world like you can
on a computer. If you created a website that uses 4 to 6 digit
numbers as passwords, I could get into the site in a matter of hours.
A good hacker could
On Dec 31, 2009, at 8:44 AM, Jared Spool wrote:
My math says you only get 10,000 combinations from a 4 digit PIN, which I
would imagine is even less secure.
Math was never my strong suit. Stupid zeros!
Welcome to the
PINs are sometimes used on the web (I've seen this in IVRs too) in combination
with another piece(s) of personal information. See Delta.com for an example.
Out of curiousity, does any know why we aren't using PIN numbers as internet
passwords? A huge percentage of people already have a banking