Why aren't alphabetic pins an option?

LukeLovesSecurity

LukeLovesSecurity

Level 4
Thread author
Verified
Jul 28, 2017
185
With a typical pin, it is a combination of 4-8 numbers. Each number has ten different possibilities from 0-9. However, 1 letter has 52 possibilities. There are 26 letters, and there is lower and uppercase, doubling it to 52. From 10 to 52 is a big jump, and would take much longer to brute force and guess. So if alphabetic pins would be much more secure, why aren't they an option?

P.S I want to make it clear I do not want to replace normal numeric pins, as people have an easier time remembering a set of numbers rather than letters. But for people like me who can remember 8 random letters, there should be an option to chose alphabetic pins.
 
AnonMan

AnonMan

Level 2
Verified
Aug 4, 2017
74
LukeLovesSecurity said:
With a typical pin, it is a combination of 4-8 numbers. Each number has ten different possibilities from 0-9. However, 1 letter has 52 possibilities. There are 26 letters, and there is lower and uppercase, doubling it to 52. From 10 to 52 is a big jump, and would take much longer to brute force and guess. So if alphabetic pins would be much more secure, why aren't they an option?
Click to expand...

I think it is because the PIN is design to be more user friendly and easy to remember by the user it self. That's why the ATMs around the world use PIN. As for security measurement, many PIN verification systems allow three attempts before the card is blocked.
I think Microsoft were thinking the same that a PIN is suppose to be simpler than a password. That's why in Windows 8/10 they only use alphanumeric in PIN. Actually, Microsoft is giving the option to create a more secure PIN by enabling PIN complexity but it is hidden in group policy.
Head up here to enable it -------- TenForums - Enable or Disable Require Special Characters for PIN in Windows 10.
 
  • Like
Reactions: frogboy, Winter Soldier, Fritz and 1 other person
Winter Soldier

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
It is not the structure of a PIN (length, complexity, and alphanumeric characters) to make it better than a password in a specific context, but its functioning.

One important difference between a password and a PIN is that usually a PIN is associated with the specific device in which it is configured (you think to your smartphone). That PIN will be unusable without that specific hardware. If someone steals your password, he can access your account from any device, while if someone steals your PIN, he has to steal the device to be able to use it.
 
  • Like
Reactions: tonibalas, shmu26, mlnevese and 2 others
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
Credit card PINs can be guessed even when covering the ATM pad
Replies
0
Views
786
News Archive
silversurfer
silversurfer
chetuyet.hp
    • Like
Serious Discussion Data encryption software: CPPcryptfs
Replies
1
Views
537
Other security for Windows, Mac, Linux
Bot
Bot
nickstar1
    • +Reputation
    • Like
New Update Malwarebytes Introducing the Digital Footprint Portal.
Replies
2
Views
227
Malwarebytes
LennyFox
L

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top