Passwords - A Bad Mnemonic System: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Guess we have a pin number: 3401, this number is coded in the following scheme with a word, let's say ''c-r-a-p''. |
Guess we have a pin number: 3401, this number is coded in the following scheme with a word, let's say ''c-r-a-p'' supposed to be an easy reminder. |
||
<pre> |
<pre> |
||
___0______1______2______3______4______5______6______7______8______9__ |
___0______1______2______3______4______5______6______7______8______9__ |
||
Line 17: | Line 17: | ||
---- |
---- |
||
In the next step all the blank fields are filled up with random characters. |
|||
<pre> |
|||
___0______1______2______3______4______5______6______7______8______9__ |
|||
| | | | | | | | | | | |
|||
| F | I | W | C | K | N | O | E | S | Y | |
|||
|______|______|______|______|______|______|______|______|______|______| |
|||
| | | | | | | | | | | |
|||
| H | F | V | O | R | G | T | D | F | U | |
|||
|______|______|______|______|______|______|______|______|______|______| |
|||
| | | | | | | | | | | |
|||
| A | G | E | L | P | H | M | D | A | C | |
|||
|______|______|______|______|______|______|______|______|______|______| |
|||
| | | | | | | | | | | |
|||
| T | P | F | O | M | W | Z | K | S | K | |
|||
|______|______|______|______|______|______|______|______|______|______| |
|||
</pre> |
|||
'''Conclusion:''' This is really a bad mnemonic system for bank PINs. The odds sank from 1 in 3000 to 1 in 8 (if three attempts are allowed), because there are only about 20-30 words in the whole scheme. |
|||
Some banks allow customers to use their own pins and it is believed that about a third uses a birthday. |
|||
---- |
|||
[[Passwords - Design Errors And Operational Issues|Back (Design Errors)]] | [[Passwords - Table of Contents|Table of Contents]] | [[Passwords - System Issues|Next (System Issues)]] |
Latest revision as of 20:50, 8 November 2004
Guess we have a pin number: 3401, this number is coded in the following scheme with a word, let's say c-r-a-p supposed to be an easy reminder.
___0______1______2______3______4______5______6______7______8______9__ | | | | | | | | | | | | | | | C | | | | | | | |______|______|______|______|______|______|______|______|______|______| | | | | | | | | | | | | | | | | R | | | | | | |______|______|______|______|______|______|______|______|______|______| | | | | | | | | | | | | A | | | | | | | | | | |______|______|______|______|______|______|______|______|______|______| | | | | | | | | | | | | | P | | | | | | | | | |______|______|______|______|______|______|______|______|______|______|
In the next step all the blank fields are filled up with random characters.
___0______1______2______3______4______5______6______7______8______9__ | | | | | | | | | | | | F | I | W | C | K | N | O | E | S | Y | |______|______|______|______|______|______|______|______|______|______| | | | | | | | | | | | | H | F | V | O | R | G | T | D | F | U | |______|______|______|______|______|______|______|______|______|______| | | | | | | | | | | | | A | G | E | L | P | H | M | D | A | C | |______|______|______|______|______|______|______|______|______|______| | | | | | | | | | | | | T | P | F | O | M | W | Z | K | S | K | |______|______|______|______|______|______|______|______|______|______|
Conclusion: This is really a bad mnemonic system for bank PINs. The odds sank from 1 in 3000 to 1 in 8 (if three attempts are allowed), because there are only about 20-30 words in the whole scheme.
Some banks allow customers to use their own pins and it is believed that about a third uses a birthday.
Back (Design Errors) | Table of Contents | Next (System Issues)