Re: PIN security



This is just my opinion.

A PIN is the "old-style" name for a password. Given the reality of encryption cracking today, a password/PIN should not be less than 8 char, and preferably a "complex" mix of characters. A 4 digit PIN, especially in a new system, should be considered criminally irresponsible.

That being said, I think the inertia of the installed code and application base is going to make changing PIN length almost impossible. I think they had a small window of opportunity with the present rollout of "chip" cards (ATM and Credit) but they missed it.

PS: Have you seen this article on why the PIN is 4 char long:

http://www.securityfocus.com/blogs/227