Why are PINs still numeric-only?

By | January 3, 2012
So pretty much every electronic device has a full or virtual keyboard, and the most secure passwords consist of multiple words strung together. So why do we still have PINs made up of only numbers? Seems to be an achelles heel of security modernization measures…

Make your PIN code more secure using three unique numbers – Cell Phones & Mobile Device Technology News & Updates | Geek.com
Jan. 2, 2012 – With half of the adults in America now owning some sort of smartphone that has access to personal information, hackers are using some simple methods to

9 thoughts on “Why are PINs still numeric-only?

  1. Sophie Wrobel

    Some additional pet peeves:
    Your username must contain at least one letter and at least one number.
    Your password must be exactly eight characters long.
    Your password cannot contain (fill in the blank).
    You can use a longer password, but we recommend that you use a password with 5 characters.

    Reply
  2. Loki Wijnen

    Something that also annoys me is websites that don't allow the use of any other characters than letters and numbers. What''s wrong with allowing symbols too?

    Reply
  3. Sophie Wrobel

    It isn't just mobile phones which have archaic PINs – the finance industry annoys me too. Credit cards are equally bad, and 5-character restrictions on online banking PINs which some financial institutions (not all) aren't much better.

    Reply
  4. Fabio Plachetta

    I'm not saying everyone (but a large percentage of smartphone users at least) is using iPhones, that's not my point. What I'm saying is, that the article is somewhat far fetched (because of the instant wipe) and not very accurate (because of the complex code). Maybe Android, too, has complex pin codes? It would expect something like this from a modern smartphone. For older phones, yes, 3 numbers for a 4-code-pin are better, but not really, because: It's only 24 vs 36 possible combinations, since you know the exact numbers that can occur.
    Edit: And the amount of times the numbers can occur, only once in the 24 combinations, and one number can occur twice in 36 combinations.

    Reply
  5. Karsten Wegmeyer

    well there are tales out there that people might use other devices then iOS based ones… and 4^10 is much less secure then i.E. 4^36 so there is a sense in that.

    But as you mentioned some OSes give you some extra security, iOS might have better encryption. HTC allows graphical Paths to login to the phone. Motorola has some phones with fingerprint-reader ( whereas they are told to be not that secure really).

    But nevertheless it is a good idea to bump the targetroom up to 4^36 for PINS.

    Reply
  6. Fabio Plachetta

    As if somebody would immediately remote-wipe their phone once they can't find it… So the increase of 12 more possible permutations is, yes, somewhat more secure, but not really. And, once again, iOS supports full complex codes for it's lock pin. It can be easily turned on in the settings and allows you to use all keys from the keyboard (and I'm not aware of a length restriction)

    Reply

Leave a Reply

Your email address will not be published.