PIN disguise
I'm not going to say "PIN Number" even though I want to
There are a few ideas on here for disguising your PIN but they seem fairly complicated and involve a degree of memory/mathematical knowhow that makes them problematic for daily use.
With the proliferation of "chip and PIN" throughout the UK the use of PINs is increasing. Most - in fact, probably all - of the PIN entry keypads I've used in shops are patently insecure, inasmuch as the sides don't actually obscure anyone's view of the keypad as you're typing.
Rather than creating algorithms for endlessly cycling random PINs, how about modifying the existing machines to take a longer code? Anything between, say, 6 and 10 digits, of which 4 must be your PIN in the correct order. Therefore, if your PIN is 3298, you type in 154232989. My reasoning is that a 6, 8, 10 or whatever-digit number is harder to remember than a 4-digit one.
For additional security, in the string you type you could include a validating digit immediately before your PIN (although this in effect just creates a 5-digit PIN and maybe shouldn't be implemented).
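An added sketch of the acceptance rule described in the post (not code from the post or from any terminal vendor). It assumes the four PIN digits must appear as one contiguous run, as in the 154232989 example; the function names and the constant-time comparison are choices made here. It also counts how many distinct PINs a single entry is effectively tested against, which is the figure a retry-lockout policy would have to account for.

```python
import hmac

PIN_LEN = 4
MIN_LEN, MAX_LEN = 6, 10  # entry length bounds taken from the post


def windows(entry: str) -> list[str]:
    """Every contiguous PIN_LEN-digit run in the entry, left to right."""
    return [entry[i:i + PIN_LEN] for i in range(len(entry) - PIN_LEN + 1)]


def verify(entry: str, pin: str) -> bool:
    """Accept a 6-10 digit entry if the PIN appears in it as a contiguous run."""
    if not (entry.isascii() and entry.isdigit()):
        return False
    if not MIN_LEN <= len(entry) <= MAX_LEN:
        return False
    ok = False
    # Check every window with no early exit, so timing does not
    # reveal where in the entry the PIN sits.
    for w in windows(entry):
        ok |= hmac.compare_digest(w.encode(), pin.encode())
    return ok


def pins_covered(entry: str) -> int:
    """Number of distinct 4-digit PINs for which this one entry is accepted."""
    return len(set(windows(entry)))


def chance_random_entry_accepted(length: int) -> float:
    """Union-bound upper limit on a random entry matching one fixed PIN.

    A plain 4-digit entry has a 1/10000 chance; a longer entry gets
    one chance per window.
    """
    return (length - PIN_LEN + 1) / 10 ** PIN_LEN


if __name__ == "__main__":
    entry = "154232989"  # example entry from the post, PIN 3298
    print(verify(entry, "3298"), pins_covered(entry))
    print(chance_random_entry_accepted(MAX_LEN))
```
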
Annotation:
Simple but it should work.

(I assume the same thing could be used on computers, to foil people who try to use a keystroke capturer to record your password)

I'd expect most people to use the first four for the PIN and backfill the rest (1234999999 where 1234 is the PIN).

Why not code the amount of $ you want in there, as a quick macro?

E.g. 12343001 means I want $300 from account #1, my pin is 1234, and any digits before the 1234 are ignored; they're for disguise.

[phundug] you're thinking of ATMs I guess... I was thinking more of chip and PIN at Point of Sale, where transactions are authorised by entry of your PIN rather than a signature.

Your system would work too though, and would make ATMs much simpler - in theory you wouldn't even need a screen, although that would mean that error messages (such as "sorry, you're too broke to withdraw that amount") would have to be shouted out in a synthesised voice - which could be quite embarrassing...

This is a great idea.
I have often mis-typed my password, pressed delete a few times and re-typed. I mused if anyone could actually follow the keystrokes and remember my password. I suspect it would be quite difficult.
[phundug], a keystroke capture routine could simply send the whole string, again. Somewhere in that string is the password.