Hiding a PIN number

[Russell EberhardtParticipant @russelleberhardt48058]

I used to write down the ten's compliment of the digits and then reverse them. These days I can't be bothered and just use the same pin number for all my cards – but don't tell anyone!

Russell

[Nick Clarke 3Participant @nickclarke3]

Posted by Zebethyal on 05/07/2018 14:33:14:

C4t.$at.m@t – Cat sat mat

Or for C programmers 2b || !(2b) = To be or not to be

and if you are worried about biometrics what about removing the entire eye as in Dan Brown's Angels and Demons?

[Howard LewisParticipant @howardlewis46836]

With a suitable couple of extra digits as a prefix, or suffix, they can be made to look like telephone numbers. The art is making the name plausible, and memorable for yourself.

Howard

[David TParticipant @davidt96864]

Posted by Nick Clarke 3 on 05/07/2018 17:11:43:

Or for C programmers 2b || !(2b) = To be or not to be

I'm sad enough that that made me chuckle

 

Edited By David T on 06/07/2018 16:31:21

[Colin HeseltineParticipant @colinheseltine48622]

Someone I know has used a credit card sized piece of cardboard with something like a 6 x 5 matrix of squares on it. Each square has a letter of the alphabet on it and a digit from 0-9. These are allocated at random. All he does is remember a key word which means something to him and uses it to find the appropriate numbers of the pin.

I must admit to using the pin hidden in telephone or fax number in the past.

At one time at work I had to remember about 20+ passwords for different items of computer hardware/routers etc., and being a bank they were not always simple. But using them regularly I could remember them all.

Colin

[Nick Clarke 3Participant @nickclarke3]

In the early nineties I was part of a team doing a roll out for a large organisation and as we went round the huge office we would ask the user to log in and we would do the upgrade. However people were less concerned with security in those days so after the first day what happened was that we would turn up and a bunch of people would allow us access by telling us their passwords or letting us know where they were saved while they went off for a coffee.

Post-it notes on the edge of the screen with the password in plain text or perhaps disguised as phone numbers were the most common, followed by a note in the top desk drawer. The passwords we were told included sports teams (MUFC, AVFC, LCFC, Blues, Reds, Notts, Barbarians, Essex etc) names, presumably of family or pets, or every swear word as foul as you like.

I still reckon that if I typed **** or ******** into a computer in any large office I could get into at least one computer. (replace the asterisks to (bad) taste!)

[SillyOldDufferModerator @sillyoldduffer]

Chaps,

Some of you are using methods that aren't secure. It's important not to underestimate the methods used by an expert to break them, or even a script kiddie. The tricks people use to make and remember passwords and pin numbers are well-known and most of them are poor security. Might seem tough by human standards, but they're paper thin in the face of a computer attack. Even a small computer can search for a password permutation in a file containing several million possibilities in well under a second, crack anagrams in microseconds, and apply substitutions in a flash. The pre-defined comparison file can contain words copied from the dictionaries of many different languages, plus lists of well-known choices, c0mm0n numerations, and other known obfuscations.

The single most important feature of a security key is that it be an unpredictable combination. Don't use anything based on a meaningful string of characters, or a meaningful string that's been encrypted with pen and pencil methods.

We are so bad at making up passwords that many organisations won't let us. Instead users are periodically told to pick one from a freshly generated and unique list of randomised character, number and punctuation strings at least 9 characters in length. The disadvantage of this system is people write down hard to remember passwords. They even write down passwords after being told it's a sacking offence…

Zebethyal recommended a good way of generating long semi-randomised passwords from a memorable phrase. I often use characters selected from book titles, author names, publisher and edition numbers spiced up with punctuation. Much to be said in favour of 'Nitt4agm2c2taotp' but – for obvious reasons – avoid obvious pass phrases.

Does strong security matter? Lots of people hide front-door keys under a flower pot and never get burgled. I prefer not to take unnecessary risks on the internet; anyone can come calling…

Dave

Edited By SillyOldDuffer on 06/07/2018 20:33:00

[Author]

Posts