
PIN vs. password: which one is more secure?

Chad Hammond

Special to Village News

As users of this digital age, people have many different choices. They can enable or disable web cookies, depending on how much information they want a website to gather about them. People can use encrypted services or unencrypted ones, depending on how much they’re concerned about their privacy and security.

They can also use a PIN or a password to secure their digital devices or online accounts. However, in this particular case, the choice for most people is not as straightforward as it seems.

The other day I also had the very same discussion among my friends with three different sides of opinion. One side was backing PINs and claiming that they are safer than passwords. Others couldn’t believe that PINs made up of four, six or eight digits could be more reliable than long and complex passwords. And the third group claimed that both PIN and password serve the same purpose of identification and are safe to use. All sides had valuable insights, but we couldn’t reach an agreement. Sparked by this discussion, I decided to look deeper into this topic and look for the truth.

When should someone use a PIN?

PIN stands for “personal information number” and is used the same as a password to prove that the person has the right to access data. A PIN usually consists of a string of four to eight numbers, and it was first introduced in the 1960s together with automatic teller machines. The obvious drawback is that a PIN is limited to 0-9 numerical digits. A PIN made up of four numbers offers 10,000 possible combinations. That may seem like an easy nut to crack, but it’s not as straightforward as it seems.

PINs are normally used on touch-screen devices and always require manual data entry. An automated brute-force attack may not work, as most systems that use a PIN also specify a maximum number of attempts before disabling the device.

For example, if the device limits PIN entry to six attempts, there is a 0.06% chance that someone will be lucky enough to crack the four-digit code. Of course, if the PIN is ‘0000’ or ‘1234,’ the probability of being hacked increases massively.

When should someone use a password?

A good password is a combination of numerical digits, upper- and lowercase letters and various special characters. It could also be a phrase made up of words with the same requirements. Like the PIN, the password concept first appeared in the early 1960s and has been used ever since. A 10-character password has 59,873,693,923,837,900,000 different variations, and most people are probably thinking they know which of the two is more secure. However, it’s not all about mathematics.

Passwords are used online or for devices like computers, which usually don’t have any limits on failed attempts. That’s why passwords can be compromised with the help of an automated brute-force attack. Of course, not all attacks are practical, as most of them would take years to crack a strong password. But hacking technologies are evolving fast, making such attacks more sophisticated and successful.

Password versus PIN: the verdict

Going back to the discussion that I had with my friends, I can safely say that all the opinions were correct in one way or another. The answer to this question depends on where they use the PIN or password.

If people want to unlock their touch-screen devices, the safest and easiest way is to use a PIN because of the manual entry and the attempt limit. When it comes to online accounts or computers, passwords are much safer due to the simple math of available combinations.
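The trade-off described above, as an added Python example that is not part of the original article: a PIN check with an attempt limit, next to the keyspace arithmetic behind both figures. The class and function names are hypothetical, the 95-character alphabet is an assumption (it gives 59,873,693,923,837,890,625, which matches the article's rounded 10-character figure), and the rate of one billion guesses per second is an assumed value for an unthrottled attack.

```python
import hmac

PRINTABLE_ASCII = 95  # assumption: letters, digits, symbols and space
ASSUMED_RATE = 1e9    # assumption: unthrottled guesses per second

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of equally likely secrets of the given length."""
    return alphabet_size ** length

def online_guess_chance(space: int, attempts: int) -> float:
    """Chance that distinct guesses hit a uniformly random secret before lockout."""
    return min(attempts, space) / space

def years_to_exhaust(space: int, rate: float = ASSUMED_RATE) -> float:
    """Worst-case time to try every secret when nothing limits attempts."""
    return space / rate / (365 * 24 * 3600)

class AttemptLimitedPin:
    """Verifier that disables itself after max_attempts consecutive failures."""

    def __init__(self, pin: str, max_attempts: int = 6):
        self._pin = pin.encode()  # simplification: real devices keep this in secure hardware
        self._max = self._remaining = max_attempts

    @property
    def locked(self) -> bool:
        return self._remaining == 0

    def verify(self, guess: str) -> bool:
        if self.locked:
            return False  # once locked, even the correct PIN is refused
        if hmac.compare_digest(self._pin, guess.encode()):
            self._remaining = self._max  # a success resets the failure counter
            return True
        self._remaining -= 1
        return False

def lockout_demo(pin: str = "4831") -> tuple:
    """Six wrong guesses, then the right PIN: returns (any_hit, accepted_after_lockout)."""
    device = AttemptLimitedPin(pin)  # constructed sample PIN
    hits = [device.verify(f"{n:04d}") for n in range(6)]  # guesses 0000..0005
    return any(hits), device.verify(pin)

if __name__ == "__main__":
    print(f"4-digit PIN, 6 tries: {online_guess_chance(keyspace(10, 4), 6):.2%}")
    print(f"10-char password space: {keyspace(PRINTABLE_ASCII, 10):,}")
    print(f"years to exhaust at assumed rate: {years_to_exhaust(keyspace(PRINTABLE_ASCII, 10)):,.0f}")
    print("lockout demo:", lockout_demo())
```

The 0.06% figure holds only for a PIN chosen uniformly at random; the lockout bounds the number of guesses, not the quality of the PIN.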

Also, users can enable multi-factor authentication in most online accounts. 2FA adds another layer of safety, minimizing the risks of automated brute-force attacks. Even if someone manages to get through a strong password, they won’t be able to access the account, as the second step of verification will stop them.

Chad Hammond is a digital security expert at NordPass. NordPass is a new generation password manager shaped with cutting-edge technology, zero-knowledge encryption, simplicity and intuitive design in mind. It securely stores and organizes passwords by keeping them in one convenient place. NordPass was created by the cybersecurity experts behind NordVPN – one of the most advanced VPN service providers in the world. For more information, visit http://www.nordpass.com.

 
