So is that your PIN number?

In the spirit of Richard's post below on a little 'no tech hacking': on a couple of occasions recently I've had friends wanting to show me photos taken on their iphones, and inadvertently reveal some potentially quite damaging information.

To set the scene, you're discussing a subject (such as a holiday) and your friend says "want to see the photos?". When you reply in the affirmative, they whip out their phone and hold it up for you to see, hitting a button and entering their unlock PIN to begin showing you the photos.
It's at this stage I ask "so, is that number you just entered the same as your ATM-card PIN?"
Sheepish looks ensue as they mumble "....yes...." and I reply "you might want to change that...or lend me your ATM card!"

Now this certainly isn't an 'iphone-problem' as such, nor, I'd wager, even a new problem. It is however exacerbated by the new touchscreen smartphones and their big friendly on-screen keypads that make it much easier to 'shoulder-surf' from greater distances and see the PIN number more easily as it is entered.
ATM card PIN numbers are a little unusual as for a lot of people they are one of the few 'enforced' passwords they use. By 'enforced' I mean they are passwords that are dictated and not chosen by the end user; they are often just a random (or semi-random) 4-digit string that was supplied by the bank.
Although these days you can often choose a PIN number while opening a new account, this wasn't always the case and many people have had the same PIN number for years, from card to card, keeping the one they've already memorized. After all we are often creatures of habit.

So when the new phone arrives and needs to be set up with a 4-digit PIN number, it seems not uncommon to grab the first available 4-digit number that you already have memorized - your ATM PIN (I'd wager birthdays or birth year are the other popular options) and off you go.

What's the risk? Well it's probably pretty low. I'm not really going to run off with my friend's ATM card, nor bother remembering their PIN number after seeing it initially. But low risk is not no risk and doing something as simple as scrambling or reversing your ATM PIN (if that must be the basis of your phone PIN) is better than using the same number.

A little research into PIN numbers brought up an interesting fact; the inventor of the ATM PIN, Briton Mr Shepherd-Barron wanted to use a 6-digit number (based on his army number), but his wife said she could only remember 4-digits - so that became the world standard!*

And btw, yes I have an iphone and no my PIN is not the same as my ATM card! (nor any derivative thereof!)

*Except for Switzerland, where apparently 6-digits is the default....
