Security Basics mailing list archives
Re: PIN security
From: rohnskii () gmail com
Date: 23 Jan 2009 18:17:09 -0000
This is just my optinion. A pin is the "old-style" name for a password. Given the reality of encryption cracking today, a password/pin should not be less than 8 char, and preferably "complex" mix of characters. A 4 digit PIN, especially in a new system should be considered criminally irresponsible. That being said, I think the inertial of the installed code and application base is going to make changing PIN length almost impossible. I think they had a small window of opportunity with the present rollout of "chip" cards (ATM and Credit) but they missed it. PS: have you seen this article on why the PIN is 4 char long: http://www.securityfocus.com/blogs/227
Current thread:
- PIN security s0h0us (Jan 23)
- Re: PIN security B 650 (Jan 23)
- Re: PIN security Kevin Tunison (Jan 27)
- <Possible follow-ups>
- Re: PIN security evilwon12 (Jan 23)
- Re: PIN security rohnskii (Jan 23)
- Re: Re: PIN security bradrose (Jan 27)