Pin numbers.
-
I have yet to understand how PIN numbers are more secure than passwords. Face it, there are only 10,000 combinations, yet even an alphabetic, case insensitive, PIN would have 456,976 combinations. I would expect being able to brute force a pin number, regardless of length, would be easy for modern computers that can break 128-bit key based encryption systems in hours.
obermd wrote:
I have yet to understand how PIN numbers are more secure than passwords.
It is most likely a numeric pin and not a password because manufacturing and maintaining a numeric keypad ATM machine is far more economical than producing one with a full fledged QWERTY keyboard. It almost always comes down to the costs.
-
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png[^] Given that most (if not all ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things: 1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination. 2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
-
I was looking at physical distances between keys and I see that in most cases where each value is far from the next value they tend to be "more rare". Or, stated another way, "if your finger is already there, you probably pick something closeby". If you typed a 2 you probably type a 1 or 3 or maybe 5 next. The physical layout of the keypad does a lot to "force" certain combinations, I think.
-
I use the last 4 digits of old phone numbers I've had, like from my childhood. I'm not likely to forget them, and good luck tying them to me.
Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix
-
I use the last 4 digits of old phone numbers I've had, like from my childhood. I'm not likely to forget them, and good luck tying them to me.
Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix
-
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png[^] Given that most (if not all ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things: 1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination. 2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
Whelp! Time to change all my pins to more secure ones! 9596 it is! /s
Our Forgotten Astronomy | Object Oriented Programming with C++ | Wordle solver
-
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png[^] Given that most (if not all ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things: 1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination. 2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
I had no choice in the matter; I just got a letter saying that this is your PIN number.
-
I had no choice in the matter; I just got a letter saying that this is your PIN number.
That's normal in the UK as well, but every bank I know allows you to set it to your preferred one once you know the one they gave you. THat's probably for security - a PIN you remember has got to be better than one written down and kept in your wallet / purse.* * Herself did that: her PIN was on a piece of paper wrapped round her debit card ... :sigh:
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
-
"How many assholes have we got on this ship anyway?" YO!
Software Zen:
delete this; -
You have the same phone number you did when you were a child? :confused:
Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix
Cell phones have been around long enough, twentysomethings very well could. Of course I'm old enough they've changed the numbering system since we banged rocks together when I was little :sigh: .
Software Zen:
delete this; -
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png[^] Given that most (if not all ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things: 1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination. 2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
Oops, I guess using a particular year is not so unique anymore (and I'm guessing padding it with zeroes in 6 digit pins ain't either)
-
"How many assholes have we got on this ship anyway?" YO!
Software Zen:
delete this; -
Your pasword must contain ...[^]
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
Sanskrit, Cyrillic, Latin, Chinese, and Arabic characters should be enough for everyone! FYI, you'd be amazed at how hard it is for most applications/websites/passwords to deal with 2 different sets of alphabets.
Bond Keep all things as simple as possible, but no simpler. -said someone, somewhere
-
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png[^] Given that most (if not all ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things: 1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination. 2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
-
Banks (in India, most probably elsewhere too) block the login after three incorrect PIN entries (to unlock which the customer has to complete some formalities after visiting a bank branch). So, the customer has at least some protection.
-
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png[^] Given that most (if not all ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things: 1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination. 2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
Good, but! Back to real life. How many tries do you have, until ATM eats your credit/debet card? Here in Europe exactly 3 times. IDK how it's overseas, but I hope it's similarly limited, too. Soooo, unless PIN is explicitly linked to a card number, I think we are generally safe, aren't we? On the other hand, I checked, and my PIN is nowhere near the first hundred thousand (I didn't look further), so I can sleep like a baby one more night. :laugh:
-
I have yet to understand how PIN numbers are more secure than passwords. Face it, there are only 10,000 combinations, yet even an alphabetic, case insensitive, PIN would have 456,976 combinations. I would expect being able to brute force a pin number, regardless of length, would be easy for modern computers that can break 128-bit key based encryption systems in hours.
obermd wrote:
I have yet to understand how PIN numbers are more secure than passwords. Face it, there are only 10,000 combinations, yet even an alphabetic, case insensitive, PIN would have 456,976 combinations. I would expect being able to brute force a pin number, regardless of length, would be easy for modern computers that can break 128-bit key based encryption systems in hours.
I wondered that too for a long while. If you dig into the various places where PINs are used, you will find that anywhere a PIN is used, there is strong protection behind it to back it up. PINs generally have very strong limitations on how many times you can get them wrong (i.e. 3 times) -- because failure lockout reset can be controlled externally by more secure methods (2FA, MFA, big brother style behavior pattern matching, etc.) Offline attacks toward a PIN tend not to work because the PIN is not the primary secret. So the use limitation of the PIN protects the use of the much stronger public/private key encryption which protects the actual data you wish to protect. Credit/debit cards have those cryptography chips now -- those hold the public/private key encryption, locked into read-only memory in nanometer scale size, and the PIN protects the use of that strong encryption, any funny business using it -- and that strong encryption becomes invalid -- it's new card time.
-
7410 is down the left hand side of the number keys pad of a full size keyboard. 8520 is the middle, it gets zero too since the zero key is usually a double width key. No idea about the 7942 though.
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated. I’m begging you for the benefit of everyone, don’t be STUPID.
The Hitchhikers Guide to the Galaxy was first published in 1979, and as you probably know, brings the number 42 to prominence. ( @Bassam-Abdul-Baki this is sort of in reply to you, too, though yours didn't explicitly call out 7942 )
-
The Hitchhikers Guide to the Galaxy was first published in 1979, and as you probably know, brings the number 42 to prominence. ( @Bassam-Abdul-Baki this is sort of in reply to you, too, though yours didn't explicitly call out 7942 )
-
You have the same phone number you did when you were a child? :confused:
Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix
