Passwords - A Bad Mnemonic System: Difference between revisions

Line 1: Line 1:
Guess we have a pin number: 3401, this number is coded in the following scheme with a word, let's say ''c-r-a-p''.
Guess we have a pin number: 3401, this number is coded in the following scheme with a word, let's say ''c-r-a-p'' supposed to be an easy reminder.
<pre>
<pre>
___0______1______2______3______4______5______6______7______8______9__
___0______1______2______3______4______5______6______7______8______9__
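Review bot: The revised opening sentence still joins two clauses with a comma after "3401" and attaches "supposed to be an easy reminder" to the example word with no connector. Consider ending the first sentence after "3401" and writing "which is supposed to be an easy reminder".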
Line 17: Line 17:


----
----

In the next step all the blank fields are filled up with random characters.

<pre>
___0______1______2______3______4______5______6______7______8______9__
| | | | | | | | | | |
| F | I | W | C | K | N | O | E | S | Y |
|______|______|______|______|______|______|______|______|______|______|
| | | | | | | | | | |
| H | F | V | O | R | G | T | D | F | U |
|______|______|______|______|______|______|______|______|______|______|
| | | | | | | | | | |
| A | G | E | L | P | H | M | D | A | C |
|______|______|______|______|______|______|______|______|______|______|
| | | | | | | | | | |
| T | P | F | O | M | W | Z | K | S | K |
|______|______|______|______|______|______|______|______|______|______|
</pre>

'''Conclusion:''' This is really a bad mnemonic system for bank PINs. The odds sank from 1 in 3000 to 1 in 8 (if three attempts are allowed), because there are only about 20-30 words in the whole scheme.

Some banks allow customers to use their own pins and it is believed that about a third uses a birthday.

----
[[Passwords - Design Errors And Operational Issues|Back (Design Errors)]] | [[Passwords - Table of Contents|Table of Contents]] | [[Passwords - System Issues|Next (System Issues)]]
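Review bot: The added conclusion gives "1 in 8" and "about 20-30 words" but never states the step that links them, namely that each word readable from the filled grid, one letter per row, stands for a candidate PIN. A sentence saying so before the conclusion would let readers check the figure. The filled grid also repeats letters within a row (A appears twice in the third row), so one word can stand for more than one PIN, which is worth mentioning.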

Latest revision as of 20:50, 8 November 2004

Suppose we have the PIN 3401. This number is encoded in the following scheme with a word, say c-r-a-p, which is supposed to be an easy reminder.

 ___0______1______2______3______4______5______6______7______8______9__
|      |      |      |      |      |      |      |      |      |      |
|      |      |      |  C   |      |      |      |      |      |      |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|      |      |      |      |  R   |      |      |      |      |      |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|  A   |      |      |      |      |      |      |      |      |      |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|      |  P   |      |      |      |      |      |      |      |      |
|______|______|______|______|______|______|______|______|______|______|

In the next step all the blank fields are filled up with random characters.

 ___0______1______2______3______4______5______6______7______8______9__
|      |      |      |      |      |      |      |      |      |      |
|  F   |  I   |  W   |  C   |  K   |  N   |  O   |  E   |  S   |  Y   |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|  H   |  F   |  V   |  O   |  R   |  G   |  T   |  D   |  F   |  U   |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|  A   |  G   |  E   |  L   |  P   |  H   |  M   |  D   |  A   |  C   |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|  T   |  P   |  F   |  O   |  M   |  W   |  Z   |  K   |  S   |  K   |
|______|______|______|______|______|______|______|______|______|______|

Conclusion: This is a really bad mnemonic system for bank PINs. The odds of guessing the PIN sank from 1 in 3000 to 1 in 8 (if three attempts are allowed), because there are only about 20-30 words in the whole scheme.
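
The enumeration behind this conclusion, as an added example that is not part of the original page: it checks a word list against the filled grid above and returns the PINs each fitting word could encode. `WORDS` is a small constructed sample and the function names are illustrative, so its counts differ from the 20-30 words quoted above.

```python
from itertools import product

# Filled grid from the page: row i holds the i-th letter, column index = digit.
GRID = ["FIWCKNOESY", "HFVORGTDFU", "AGELPHMDAC", "TPFOMWZKSK"]

# Constructed sample word list (an assumption; an audit would use a full dictionary).
WORDS = ["crap", "coat", "soap", "chat", "step", "fret", "whet", "wrap",
         "bank", "card", "lock", "safe", "door", "moon", "tree", "blue"]

def pins_for_word(word, grid=GRID):
    """Return every PIN whose path through the grid spells `word`."""
    if len(word) != len(grid):
        return []
    # For each row, the columns (digits) where the needed letter appears.
    cols = [[str(d) for d, ch in enumerate(row) if ch == letter]
            for row, letter in zip(grid, word.upper())]
    # product() yields nothing if any row lacks its letter.
    return ["".join(p) for p in product(*cols)]

def candidate_pins(words=WORDS, grid=GRID):
    """Map each word that fits the grid to the PINs it could encode."""
    found = {w: pins_for_word(w, grid) for w in words}
    return {w: pins for w, pins in found.items() if pins}

def guess_odds(n_candidates, attempts=3):
    """Chance of a hit within `attempts` tries among equally likely candidates."""
    return min(1.0, attempts / n_candidates)

if __name__ == "__main__":
    cands = candidate_pins()
    total = sum(len(p) for p in cands.values())
    for word, pins in sorted(cands.items()):
        print(f"{word}: {', '.join(pins)}")
    print(f"blind guess:   1 in {1 / guess_odds(10 ** len(GRID)):.0f}")
    print(f"with the grid: 1 in {1 / guess_odds(total):.1f} ({total} candidate PINs)")
```

Because the random fill on the page placed a second A in the third row, c-r-a-p itself decodes to two PINs here, 3401 and 3481.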

Some banks allow customers to choose their own PINs, and it is believed that about a third of them use a birthday.

