Re: PIN security
- From: rohnskii@xxxxxxxxx
- Date: 23 Jan 2009 18:17:09 -0000
This is just my opinion.
A PIN is the "old-style" name for a password. Given the reality of encryption cracking today, a password/PIN should not be less than 8 char, and preferably a "complex" mix of characters. A 4 digit PIN, especially in a new system, should be considered criminally irresponsible.
That being said, I think the inertia of the installed code and application base is going to make changing PIN length almost impossible. I think they had a small window of opportunity with the present rollout of "chip" cards (ATM and Credit) but they missed it.
PS: have you seen this article on why the PIN is 4 char long: