Author Topic: Cracking PIN's (Read 1965 times)

Scout26 · « **on:** December 27, 2012, 06:13:34 PM »

One PIN I use is the last four of the phone number I had when I lived in Germany. Another is one that was assigned by USAA over 25 years ago. A third is one that came with a company cell phone about 12 years ago that I haven't had in 10 years. None are relevant in anyway to me (No kids' birthdates, or last four of any SSN, etc. Also none are either in the Easy 20 or the Unpopular 20). I won't tell you what things I use them for.

http://finance.yahoo.com/blogs/the-exchange/cracking-pin-code-easy-1-2-3-4-130143629.html

41magsnub · « **Reply #1 on:** December 27, 2012, 06:26:54 PM »

12345? That's the same password that is on my luggage!

Ben · « **Reply #2 on:** December 27, 2012, 06:31:23 PM »

It's always annoyed me that my bank (don't know if others are the same) only allows me a 4 digit pin for my ATM card. Eight would be a nice start for the key to my freakin' dough. I've also run into quite a few financial and other sites where you would want a higher level of security for web logon passwords that forbid special characters. Don't even get me started on not allowing spaces and pass phrases.

Angel Eyes · « **Reply #3 on:** December 27, 2012, 07:23:01 PM »

Quote from: Ben on December 27, 2012, 06:31:23 PM

It's always annoyed me that my bank (don't know if others are the same) only allows me a 4 digit pin for my ATM card. Eight would be a nice start for the key to my freakin' dough. I've also run into quite a few financial and other sites where you would want a higher level of security for web logon passwords that forbid special characters. Don't even get me started on not allowing spaces and pass phrases.

Mine allows five digits, but yes, 8 or more would be good.

lupinus · « **Reply #4 on:** December 27, 2012, 08:25:13 PM »

Quote from: Ben on December 27, 2012, 06:31:23 PM

It's always annoyed me that my bank (don't know if others are the same) only allows me a 4 digit pin for my ATM card. Eight would be a nice start for the key to my freakin' dough. I've also run into quite a few financial and other sites where you would want a higher level of security for web logon passwords that forbid special characters. Don't even get me started on not allowing spaces and pass phrases.

keep in mind the average idiot can't be bothered to remember 4

Northwoods · « **Reply #5 on:** December 27, 2012, 08:29:54 PM »

I've had the same 4 digit pin for 15 years. It includes birthday and anniversary related dates, but not in a normal mm/dd/yy sort of format. 'Course I ain't saying which birthdays or anniversaries are included, nor the format actually used.

Scout26 · « **Reply #6 on:** December 27, 2012, 09:06:52 PM »

Quote from: Ben on December 27, 2012, 06:31:23 PM

It's always annoyed me that my bank (don't know if others are the same) only allows me a 4 digit pin for my ATM card. Eight would be a nice start for the key to my freakin' dough. I've also run into quite a few financial and other sites where you would want a higher level of security for web logon passwords that forbid special characters. Don't even get me started on not allowing spaces and pass phrases.

To get to my info on my bank's website I have to enter in my Login ID and password. Then a four digit PIN, then answer a security question. Fail one and I get booted.

If I call, I have to give my member#, give a piece of personal info, answer a security question, and give my phone password.

Ben · « **Reply #7 on:** December 27, 2012, 10:26:54 PM »

Quote from: scout26 on December 27, 2012, 09:06:52 PM

To get to my info on my bank's website I have to enter in my Login ID and password. Then a four digit PIN, then answer a security question. Fail one and I get booted.

If I call, I have to give my member#, give a piece of personal info, answer a security question, and give my phone password.

My bank's website is actually pretty good. It allows a very long password, plus uses a site key, and if I'm on a computer I don't authorize for repeated recognition, additionally asks me a question. Given all that, it perplexes me as to why they won't allow more characters for the ATM card (though lupinus brings up a good point - they potentially would have to hire a ton of extra staff to handle card password resets).

seeker_two · « **Reply #8 on:** December 27, 2012, 11:47:31 PM »

I have all mine set to a numerical algorithm that equal the number of times that fistful has been right in an APS discussion thread.

41magsnub · « **Reply #9 on:** December 28, 2012, 12:02:34 AM »

Quote from: seeker_two on December 27, 2012, 11:47:31 PM

I have all mine set to a numerical algorithm that equal the number of times that fistful has been right in an APS discussion thread.

So all zeros then?

TechMan · « **Reply #10 on:** December 28, 2012, 09:10:25 AM »

Quote from: seeker_two on December 27, 2012, 11:47:31 PM

I have all mine set to a numerical algorithm that equal the number of times that fistful has been right in an APS discussion thread.

What a softball question.

Quote from: 41magsnub on December 28, 2012, 12:02:34 AM

So all zeros then?

And he hits it out of the park....

MechAg94 · « **Reply #11 on:** December 28, 2012, 09:48:30 AM »

Quote from: 41magsnub on December 27, 2012, 06:26:54 PM

12345? That's the same password that is on my luggage!

Change the password on my luggage! And stop calling me on this wall!

I figure the reason for 4 numbers is they think they are striking a balance between good protection and people not just writing the PIN number down on something in their wallet with the card.

What ever happened to fingerprint scanners? I recall BofA at least talking about offering that as an option, but it went away.

seeker_two · « **Reply #12 on:** December 28, 2012, 12:34:54 PM »

Quote from: 41magsnub on December 28, 2012, 12:02:34 AM

So all zeros then?

Yep....and a lot of them.....

Scout26 · « **Reply #13 on:** December 28, 2012, 12:40:45 PM »

Quote from: MechAg94 on December 28, 2012, 09:48:30 AM

What ever happened to fingerprint scanners? I recall BofA at least talking about offering that as an option, but it went away.

Once someone lifts your print, it's real easy to copy (latex mold), and unlike a PIN, it's really hard to change your fingerprint.

vaskidmark · « **Reply #14 on:** December 28, 2012, 06:58:50 PM »

Look at the keys on the keypad - there are certain ones that are filthy-grimey because they are touched the most often. This is especially so for individual keypad devices such as are found on gun safes and the like.

This Good Housekeeping hint has been brought to you my Murphy's Oil Soap and a damp lint-free cloth.

stay safe.

MechAg94 · « **Reply #15 on:** December 29, 2012, 01:54:58 PM »

Quote from: scout26 on December 28, 2012, 12:40:45 PM

Once someone lifts your print, it's real easy to copy (latex mold), and unlike a PIN, it's really hard to change your fingerprint.

Hoe easy is it to actually do that? I recall there was a MythBusters episode where they were trying to spoof a keyboard fingerprint scanner and it wasn't that easy.

On the other hand, in the event of a robbery, I would rather the thief need a number I know in my head rather than just my hand.

freakazoid · « **Reply #16 on:** December 29, 2012, 02:45:25 PM »

At my first job they moved from using your social to log in to using a fingerprint scanner. I remember it being possible to trick it into thinking you were someone else by lightly touching it and messing with your position on the scanner.

White Horseradish · « **Reply #17 on:** December 29, 2012, 02:52:04 PM »

Quote from: scout26 on December 28, 2012, 12:40:45 PM

unlike a PIN, it's really hard to change your fingerprint.

Not at all. All it takes is not wearing gloves and 30 seconds with an angle grinder with a wirewheel mounted.

Well, ok. It was a thumbprint, but the concept applies.

KD5NRH · « **Reply #18 on:** December 30, 2012, 12:07:17 PM »

Quote from: White Horseradish on December 29, 2012, 02:52:04 PM

Not at all. All it takes is not wearing gloves and 30 seconds with an angle grinder with a wirewheel mounted.

Try catching a dropped Zippo by the hot chimney the day before you have to get a set of prints done for FFL paperwork. That got some double takes by the deputies.

Correct horse battery staple. XKCD was right; I haven't looked at that in months, and it's still solid in my mind.

Marnoot · « **Reply #19 on:** December 30, 2012, 07:23:35 PM »

The problem with the XKCD random-dictionary-passphrase approach to passwords is the fact that you should never have the same password for everything, or even more than one thing. While one random passphrase can be very easy to memorize, it becomes exceptionally difficult to memorize several of them, not to mention which random passphrase for which website.

I currently use a password scheme using a mental algorithm where parts of the URL are transformed into password elements (to aid in remembering the passwords since this makes them different for every site).

Though, I'm rapidly growing in the opinion that the best and most secure password option is to use a password "vault" like LastPass, KeyPass, etc. program/app secured with a single, secure randomized dictionary passphrase, that uses strong, completely randomized, site-unique passwords for each site.

KD5NRH · « **Reply #20 on:** December 30, 2012, 08:40:33 PM »

Quote from: Marnoot on December 30, 2012, 07:23:35 PM

The problem with the XKCD random-dictionary-passphrase approach to passwords is the fact that you should never have the same password for everything, or even more than one thing. While one random passphrase can be very easy to memorize, it becomes exceptionally difficult to memorize several of them, not to mention which random passphrase for which website.

This problem is even more prevalent with current password schemes. The advantage of full-word-based passphrases is that in many cases it would be feasible to have a little drawing like the XKCD pic that the user can easily interpret, but wouldn't be particularly clear to someone else.

News:

Author Topic: Cracking PIN's (Read 1965 times)