h a l f b a k e r y
A riddle wrapped in a mystery inside a rich, flaky crust

# PIN disguise

I'm not going to say "PIN Number" even though I want to
 (+6, -1)

There are a few ideas on here for disguising your PIN but they seem fairly complicated and involve a degree of memory/mathematical knowhow that makes them problematic for daily use.

With the proliferation of "chip and PIN" throughout the UK the use of PINs is increasing. Most - in fact, probably all - of the PIN entry keypads I've used in shops are patently insecure, inasmuch as the sides don't actually obscure anyone's view of the keypad as you're typing.

Rather than creating algorithms for endlessly cycling random PINs, how about modifying the existing machines to take a longer code? Anything between say, 6 and 10 digits, of which 4 must be your PIN in the correct order. Therefore, if your PIN is 3298, you type in 154232989. My reasoning is that a 6, 8, 10 or whatever-digit number is harder to remember than a 4-digit one.

For additional security, in the string you type you could include a validating digit immediately before your PIN (although this in effect just creates a 5-digit PIN and maybe shouldn't be implemented).

 — kmlabs, Dec 06 2004
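
A sketch of the check a terminal would have to make under this idea, added here as an illustration and not code from the post or from any real terminal. It assumes the PIN must appear as a contiguous run (as in the 154232989 example); the function names are made up, and it also lists every PIN a single typed string would satisfy.

```python
import hmac

# Lengths taken from the post: a 6-10 digit entry hiding a 4-digit PIN.
MIN_LEN, MAX_LEN, PIN_LEN = 6, 10, 4


def windows(entry: str) -> list[str]:
    """Every contiguous 4-digit run in the typed string, left to right."""
    return [entry[i:i + PIN_LEN] for i in range(len(entry) - PIN_LEN + 1)]


def accepts(entry: str, pin: str) -> bool:
    """True if entry is 6-10 ASCII digits and contains pin as a contiguous run."""
    if not (entry.isascii() and entry.isdigit()):
        return False
    if not MIN_LEN <= len(entry) <= MAX_LEN:
        return False
    ok = False
    for w in windows(entry):
        # Compare every window with no early exit, so timing does not
        # reveal where in the string the PIN sits.
        ok |= hmac.compare_digest(w.encode(), pin.encode())
    return ok


def pins_matched(entry: str) -> set[str]:
    """All 4-digit PINs that this one entry would satisfy."""
    return set(windows(entry))


if __name__ == "__main__":
    typed = "154232989"                 # the entry from the post, PIN 3298
    print(accepts(typed, "3298"))       # the disguised entry is accepted
    print(sorted(pins_matched(typed)))  # PINs an onlooker is left choosing between
    print(accepts("3298", "3298"))      # a bare PIN is too short under this scheme
```

Because `accepts` takes the same string every time, an entry that was observed in full works again as typed, and a retry limit counted per entry covers `len(entry) - 3` PINs rather than one.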

Simple but it should work.
 — Belfry, Dec 06 2004

 kpverytgoodfbs

(I assume the same thing could be used on computers, to foil people who try to use a keystroke capturer to record your password)
 — phundug, Dec 06 2004

I'd expect most people to use the first four for the PIN and backfill the rest (1234999999 where 1234 is the PIN).
 — phoenix, Dec 06 2004

 Why not code the amount of \$ you want in there, as a quick macro?

E.g. 12343001 means I want \$300 from account #1, my pin is 1234, and any digits before the 1234 are ignored; they're for disguise.
 — phundug, Dec 06 2004

 [phundug] you're thinking of ATMs I guess... I was thinking more of chip and PIN at Point of Sale, where transactions are authorised by entry of your PIN rather than a signature.

Your system would work too though, and would make ATMs much simpler - in theory you wouldn't even need a screen, although that would mean that error messages (such as "sorry, you're too broke to withdraw that amount") would have to be shouted out in a synthesised voice - which could be quite embarrassing...
 — kmlabs, Dec 07 2004

This is a great idea.
I have often mis-typed my password, pressed delete a few times and re-typed. I mused if anyone could actually follow the keystrokes and remember my password. I suspect it would be quite difficult.

[phundug], a keystroke capture routine could simply send the whole string, again. Somewhere in that string is the password.
 — Ling, Dec 07 2004
