Passwords - A Bad Mnemonic System

Latest revision as of 20:50, 8 November 2004

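Suppose we have the PIN 3401. This number is encoded in the following grid with a word, let's say c-r-a-p, which is supposed to be an easy reminder. Each row stands for one digit of the PIN, and the letter is written in the column labelled with that digit.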

 ___0______1______2______3______4______5______6______7______8______9__
|      |      |      |      |      |      |      |      |      |      |
|      |      |      |  C   |      |      |      |      |      |      |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|      |      |      |      |  R   |      |      |      |      |      |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|  A   |      |      |      |      |      |      |      |      |      |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|      |  P   |      |      |      |      |      |      |      |      |
|______|______|______|______|______|______|______|______|______|______|

In the next step, all the blank fields are filled with random characters.

 ___0______1______2______3______4______5______6______7______8______9__
|      |      |      |      |      |      |      |      |      |      |
|  F   |  I   |  W   |  C   |  K   |  N   |  O   |  E   |  S   |  Y   |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|  H   |  F   |  V   |  O   |  R   |  G   |  T   |  D   |  F   |  U   |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|  A   |  G   |  E   |  L   |  P   |  H   |  M   |  D   |  A   |  C   |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|  T   |  P   |  F   |  O   |  M   |  W   |  Z   |  K   |  S   |  K   |
|______|______|______|______|______|______|______|______|______|______|

Conclusion: This is really a bad mnemonic system for bank PINs. The odds of guessing the PIN go from 1 in 3000 to 1 in 8 (if three attempts are allowed), because there are only about 20-30 words in the whole scheme.
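The following added example (not part of the original wiki page) audits the filled grid shown above: it lists which PINs each readable word would encode and what that does to the guessing odds. The word list is a small constructed sample and all function names are hypothetical.

```python
from itertools import product

# Filled grid from the page: row n holds the letters for digit n of the PIN,
# and the column index (0-9) is the digit value.
GRID = ["FIWCKNOESY", "HFVORGTDFU", "AGELPHMDAC", "TPFOMWZKSK"]

# Constructed sample word list (assumption); a real audit would load a full dictionary.
WORDS = ["CRAP", "WRAP", "CHAT", "CHAP", "WHAT", "SHAM", "FOAM", "SOAP", "COAT",
         "STEP", "STEM", "FRET", "FOLK", "YOLK", "CULT", "ODES", "BANK", "CARD"]


def pins_for_word(word, grid=GRID):
    """Return every PIN the word could encode in the grid.

    The random filler can repeat a letter within a row, so one word may map
    to several PINs. A word that cannot be read row by row yields [].
    """
    if len(word) != len(grid):
        return []
    columns = [[str(col) for col, ch in enumerate(row) if ch == letter]
               for row, letter in zip(grid, word.upper())]
    return ["".join(digits) for digits in product(*columns)]


def candidate_pins(words, grid=GRID):
    """Map each candidate PIN to the list of words that spell it in the grid."""
    candidates = {}
    for word in words:
        for pin in pins_for_word(word, grid):
            candidates.setdefault(pin, []).append(word)
    return candidates


def guess_odds(n_candidates, attempts=3):
    """Chance of hitting the PIN when only n_candidates remain to be tried."""
    return min(1.0, attempts / n_candidates)


if __name__ == "__main__":
    found = candidate_pins(WORDS)
    for pin, words in sorted(found.items()):
        print(pin, ",".join(words))
    print(f"{len(found)} candidate PINs from {len(WORDS)} sample words")
    # With the page's estimate of about 20-30 readable words (24 used here):
    print(f"odds with 24 candidates and 3 attempts: {guess_odds(24):.3f}")
```

Because the random filler placed a second A in the third row, the word "crap" reads as two PINs here, 3401 and 3481.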

Some banks allow customers to choose their own PINs, and it is believed that about a third use a birthday.


Back (Design Errors) | Table of Contents | Next (System Issues)