Hiding a PIN number

  • #360808
    Brian Wood
    Participant
      @brianwood45127

      This is rather out of the usual matters of engineering but I have been giving some thought to finding a secure way of 'hiding' an important PIN number and better still by doing so in plain sight.

      All this came about when my wife recently discovered, much to her embarrassment, that she had forgotten the PIN number on her credit card—having been using it quite frequently as a contactless card. Talking about this new hazard since to traders it is clear it is becoming a very frequent problem.

      As these are invariably four figure numbers, why not build it into a dimension on a drawing you have pinned up in the workshop? The units could be whatever you please and xx.xx inches or millimetres would look perfectly reasonable to anyone not in the know.

      Other variants on the theme are of course equally suitable, it is all down to one's imagination

      We keep being urged to change these things frequently 'to improve our security' but it gets more and more difficult to remember them all and which applies to what

      Regards to all

      Brian

        #360813
        KWIL
        Participant
          @kwil

          A bit difficult to take the workshop drawing to the shops every time ;-)

          #360817
          Clive Foster
          Participant
            @clivefoster55965

            I've always used phone numbers for PINs. Bit easier to remember than a pure number but I make sure by putting a coded contact xxx reminder on the front page of my diary for each card. Smart phone equivalent for many these days I guess.

            Clive

            #360822
            not done it yet
            Participant
              @notdoneityet

              Yes, I have used a phone number with the PIN inserted within the number. In the middle, at one end, alternate numbers, back to front, etc. The number, if phoned, would unlikely be answered and it is an unlikely scenario by a phone thief!

              Just got to remember the number’s name, which is not toooo difficult.

              #360824
              Mike Poole
              Participant
                @mikepoole82104

                As you can change the PIN to one of your choice with many cards then perhaps a memorable year would be useful, just don't use one that is associated with you or your family that could be discovered if your identity is stolen.

                Mike

                #360825
                Adam Mara
                Participant
                  @adammara

                  If it's numbers only, our first telephone number, just four digits, BT have completely changed it over the years, and is nothing like the origin

                  If it's alphanumeric, it's my first car registration number, one I can remember! Trouble is nowadays, they want numbers, letters, lower case and upper case and a 'special character', how is one supposed to remember these without writing it down.

                  So they are on an Excel spreadsheet, but just hints, i.e. 'first car', 'num' telephone number etc. Saved on a hidden sheet in an obscure file!

                  #360826
                  Brian Wood
                  Participant
                    @brianwood45127

                    I did say that other variants on the theme were OK, it just boils down to whatever you find works for you. I find phone numbers difficult to remember, especially if bits of code are hidden within.

                    I was though rather taken with KWIL's concern about taking the drawing with you to the shops, I hadn't thought of that, but then Clive and NDIY have to take a phone book with them instead

                    Brian

                    #360827
                    Richard Marks
                    Participant
                      @richardmarks80868

                      Draw a square subdivided into smaller squares, randomly write in letters that match the number of the card and make them into a name that you can remember

                      #360832
                      V8Eng
                      Participant
                        @v8eng

                        I am pretty good at remembering a four digit pin, perhaps with more than one card a sequential numbering system might help remember them?

                        I do find contactless cards very worrying because I cannot see any form of security if they are stolen or lost, which is something that has been covered recently in the media.

                        We are constantly being told to use different long (and complex) pins for each online account yet not write them down. Using one of the secure number storage systems has been suggested, I always think that the dodgy people are probably very busy trying to hack those, if that were to happen then the hackers could take control of one's online life.

                        One of the other issues of modern life seems to be identity theft, I know someone that happened to, it took approximately two years of constant nightmare to sort out, after all how can you prove you are you when somebody else can also prove that they are you? Hope that makes some sense.

                        Edited By V8Eng on 05/07/2018 10:59:40

                        #360833
                        Ian S C
                        Participant
                          @iansc

                          You can take the drawing in the workshop to the shops, your phone has a camera, just take a photo, that can be left well out of immediate sight.

                          Ian S C

                          #360835
                          Mick B1
                          Participant
                            @mickb1
                            Posted by Ian S C on 05/07/2018 11:06:52:

                            You can take the drawing in the workshop to the shops, your phone has a camera, just take a photo, that can be left well out of immediate sight.

                            Ian S C

                            If you can remember how to find and display that with a load of irritated people behind you in the till queue, 4 digits shouldn't be a problem…?

                            #360840
                            pgk pgk
                            Participant
                              @pgkpgk17461

                              Pin numbers I remember or if it's a new one code it within a phone number. Web passwords come under two headings… really important and general. For general ones I use a consistent few characters which are either prefixed, suffixed or in the middle. Most attempts to 'crack' passwords are brute force so the longer the better. For really secure password then I shan't divulge what I use but you can easily make up words like @$$@$$1N63 (assassin) for example with your house number after it. The longer the better so say, palindrome it @$$@$$1N6336N1$$@$$@ – that should keep the brute force boys busy.

                               

                              pgk

                              Edited By pgk pgk on 05/07/2018 11:35:15

                              #360843
                              Nick Clarke 3
                              Participant
                                @nickclarke3

                                As an IT professional and trainer for more than 35 years please do not hide your password, no matter how well disguised, in a phone number. It is the first example of 'what not to do' in many security training sessions, followed by a word or number that can be related to you – wife/child/pet's name, favourite sports team etc.

                                The good news is that most thieves cannot be bothered to try to find out a PIN – but in the odd exception do not leave your PIN in the same wallet as your card.

                                If you carry a phone with you put the number in that, with a screenlock on the phone.

                                Separation of card/PIN is the key point here.

                                #360850
                                Speedy Builder5
                                Participant
                                  @speedybuilder5

                                  Convert it into Octal or Hexadecimal – not many crooks would sort that out '23417' or '270F'. I think binary may take too long to sort out.

                                  #360851
                                  Perko7
                                  Participant
                                    @perko7

                                    Pins are easy, I usually use a mathematical equation eg 9+8=17 gives 9817. There's plenty of options to make it memorable such as those previously suggested, or maybe incorporate digits from your car number plate, or your postal code, or your car's engine capacity in cc's (not many exceed 4 digits unless you have an 11 litre diesel in your hatchback :-D ).

                                    What is worse is passwords, where many sites now require you to have a combination of letters (upper and lower case), numbers and other characters such as @#$%&. Makes it almost impossible to remember without writing them down somewhere. I keep a folder in my email archive which holds all my usernames and passwords embedded in emails to myself. All I need to remember now is which one belongs to which website because most only give you three attempts before locking you out.

                                    Life was meant to be simpler.

                                    #360858
                                    john fletcher 1
                                    Participant
                                      @johnfletcher1

                                      For those of us who had the misfortune to waste time doing National Service, how about using the first or last four numbers of your service number or even the centre four. You can also use a mixture of upper and lower case. John

                                      #360861
                                      Mike Poole
                                      Participant
                                        @mikepoole82104

                                        The days of PINs and passwords are probably numbered as biometric methods of recognition take over. The fingerprint lock on my iPhone is most useful and seems secure enough for online banking to use it as the only ID check. It could put your body parts at risk with the crims though.

                                        Mike

                                        #360863
                                        Dalboy
                                        Participant
                                          @dalboy

                                          I have never forgotten a pin number as I don't own a card of any kind. And never want to either I have survived this long without.

                                          #360865
                                          Clive Hartland
                                          Participant
                                            @clivehartland94829

                                            My wife had a new debit card where the last four numbers of the card were the same as her PIN number! For some reason she changed to another PIN number.

                                            Clive

                                            #360866
                                            Samsaranda
                                            Participant
                                              @samsaranda

                                              John, service numbers work very well, no matter how old you get you are very unlikely to forget your service number because it was who you were, works for me.

                                              Dave W

                                              #360870
                                              not done it yet
                                              Participant
                                                @notdoneityet

                                                Brian,

                                                Most people have access to a mobile phone, so take their ‘phone book’ with them.

                                                If I wanted to hide a pin of 1234, I might enter a phone number of 019561234871. The PIN would, or should, be recognised from within the number – as long as one digit can be remembered! That number might be saved as a number for “Fred” (or anything you fancy) on the phone. Perhaps Larry Brown (for Lloyds Bank), Neil Whotsisname (for National Westminster), etc.

                                                It is simply a hidden reminder, particularly for those that can remember the numbers but not the order, or can only remember part of it.

                                                Probably won’t help those of us with dementia, mind :-)

                                                #360872
                                                Zebethyal
                                                Participant
                                                  @zebethyal

                                                  @$$@$$1N63 (assassin) may or may not be caught by a crack attempt depending on the rules being applied, brute force will always break it eventually, just a matter of how long it takes.

                                                  Most password cracks will start with a decent dictionary, plus names of/from popular films, books, sports, pets, etc, then apply a number of rules to modify the letters: @ or 4 for A, $ or 5 for S, 3 or £ for E, 1 or ! for I, etc and then add numbers or random characters on the beginning or end.

                                                  I used to regularly run a similar crack against our password file, and used to break around 90% of them in under 10 minutes for the entire 1000+ entry file, and constantly warn them about weak passwords. Unfortunately several of them complained if their password ever changed from 'ChangeMe'!

                                                  You can still use the above approach, but don't use the same alteration for all instances of the same letter, and rather than use a single word, use multiple words or use a phrase that is easy to remember and choose the first letter of each word, that way it is not even in the dictionary to start with, you can also replace entire words with numbers: 'won' or 'one' with 1, 'to', 'too' or 'two' with 2 and 'for' or 'four' with 4, etc.

                                                  C4t.$at.m@t – Cat sat mat

                                                  B6b$hy4w? – Baa baa black sheep, have you any wool?

                                                  Nitt4agm2c2taotp – Now is the time for all good men to come to the aid of the party.

                                                  The simplest way of obtaining any password is still watching someone type it in, so best to use both hands and learn to type it reasonably fast.

                                                  I used to have a passphrase for PGP (pretty good privacy) around 20 years ago, that required a lengthy pass phrase. The one I used was my spellings for the Excalibur 'charm of making', that applied 2048 bit encryption to whatever message I was sending to someone:

                                                  Anaarl nathrak uthus bethud bethel nienthe – good luck to anyone remembering that whilst watching me type it in!

                                                  Watch out for criminals with cigar cutters looking to remove your thumb/finger (think Durant in Darkman) for biometric recognition.

                                                  Edited By Zebethyal on 05/07/2018 14:36:40
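
The weakness discussed in the post above can be checked from the defender's side before a password is accepted. This is an added example, not code from any poster in the thread: it undoes the substitutions the post lists (@/4 for A, $/5 for S, 3/£ for E, 1/! for I), strips digits or symbols tacked on either end, and flags mirrored passwords. The names `base_words` and `audit`, and the four-word sample wordlist, are assumptions made for illustration.

```python
# Substitutions named in the thread: @ or 4 -> a, $ or 5 -> s, 3 or £ -> e, 1 or ! -> i.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s",
                      "3": "e", "£": "e", "1": "i", "!": "i"})

# Constructed sample wordlist; a real policy check would load a large dictionary.
WORDLIST = {"assassin", "password", "changeme", "excalibur"}


def base_words(password, wordlist=WORDLIST):
    """Dictionary words left after removing a non-letter prefix/suffix
    (e.g. a house number) and reversing the character substitutions."""
    found = set()
    n = len(password)
    for start in range(n):
        # Everything before `start` must be non-letters to count as padding.
        if start and password[start - 1].isalpha():
            break
        for end in range(n, start, -1):
            # Everything from `end` onwards must be non-letters as well.
            if end < n and password[end].isalpha():
                break
            core = password[start:end].translate(LEET).lower()
            if core in wordlist:
                found.add(core)
    return found


def audit(password, wordlist=WORDLIST):
    """Return a list of reasons to reject the password. An empty list only
    means these particular rules found nothing, not that it is strong."""
    findings = []
    candidate = password
    if len(password) >= 4 and password == password[::-1]:
        findings.append("palindrome: the mirrored half adds no real strength")
        candidate = password[: (len(password) + 1) // 2]
    for word in sorted(base_words(candidate, wordlist)):
        findings.append(f"dictionary word behind substitutions: {word}")
    return findings


if __name__ == "__main__":
    # Passwords quoted in the thread itself.
    for pw in ["@$$@$$1N63", "@$$@$$1N6336N1$$@$$@", "ChangeMe",
               "Nitt4agm2c2taotp"]:
        print(pw, "->", audit(pw) or "no findings from these rules")
```

The first-letter passphrase from the post produces no findings because it never reduces to a dictionary word, which is the point the post makes.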

                                                  #360873
                                                  Mick B1
                                                  Participant
                                                    @mickb1

                                                    History lessons at my school consisted of memorising lists of dates in the first half of the lesson, followed by a test in the second half. Imaginative or what?

                                                    This has left me with a potential mine of PIN numbers with links to obscure events which few folk will be able to date.

                                                    Edited By Mick B1 on 05/07/2018 14:35:34

                                                    #360876
                                                    Brian G
                                                    Participant
                                                      @briang
                                                      Posted by Zebethyal on 05/07/2018 14:33:14:

                                                      …The simplest way of obtaining any password is still watching someone type it in, …

                                                      Simpler still, look at the post-it stuck to the monitor or "cunningly" hidden on the underside of the keyboard.

                                                      Brian
