Passwords - A Bad Mnemonic System

Revision as of 20:49, 8 November 2004 by Schumann (talk | contribs)

Suppose we have a PIN: 3401. This number is encoded in the following scheme with a word, let's say c-r-a-p, which is supposed to be an easy reminder.

 ___0______1______2______3______4______5______6______7______8______9__
|      |      |      |      |      |      |      |      |      |      |
|      |      |      |  C   |      |      |      |      |      |      |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|      |      |      |      |  R   |      |      |      |      |      |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|  A   |      |      |      |      |      |      |      |      |      |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|      |  P   |      |      |      |      |      |      |      |      |
|______|______|______|______|______|______|______|______|______|______|

In the next step all blank fields are filled up with random characters.

 ___0______1______2______3______4______5______6______7______8______9__
|      |      |      |      |      |      |      |      |      |      |
|  F   |  I   |  W   |  C   |  K   |  N   |  O   |  E   |  S   |  Y   |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|  H   |  F   |  V   |  O   |  R   |  G   |  T   |  D   |  F   |  U   |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|  A   |  G   |  E   |  L   |  P   |  H   |  M   |  D   |  A   |  C   |
|______|______|______|______|______|______|______|______|______|______|
|      |      |      |      |      |      |      |      |      |      |
|  T   |  P   |  F   |  O   |  M   |  W   |  Z   |  K   |  S   |  K   |
|______|______|______|______|______|______|______|______|______|______|

Conclusion: This is a really bad mnemonic system for bank PINs. The odds of guessing the PIN sank from 1 in 3000 to 1 in 8 (if three attempts are allowed), because there are only about 20-30 words in the whole scheme.
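The loss can be measured on the filled grid shown above. The following is an added example, not part of the original page: it checks which entries of a small constructed wordlist can be read one letter per row, and computes the three-attempt guess odds. The wordlist, the function names and the figure of 24 words (a value inside the page's 20-30 range) are assumptions.

```python
from itertools import product

# Filled grid from the page: row i encodes PIN digit i, column index = digit value.
GRID = ["FIWCKNOESY", "HFVORGTDFU", "AGELPHMDAC", "TPFOMWZKSK"]

# Constructed sample wordlist (assumption); a real audit would use a full dictionary.
WORDS = ["CRAP", "FOAM", "SOLO", "WHAT", "CHEF", "NODS",
         "FOLK", "COLT", "BANK", "CARD", "WORK", "KEPT"]


def pins_for_word(word, grid=GRID):
    """Return every PIN the word could encode, or an empty set if it does not fit."""
    if len(word) != len(grid):
        return set()
    columns = []
    for letter, row in zip(word.upper(), grid):
        # A letter may occur more than once in a row (random filler can repeat it),
        # so one word can map to several PINs.
        hits = [str(col) for col, ch in enumerate(row) if ch == letter]
        if not hits:
            return set()
        columns.append(hits)
    return {"".join(digits) for digits in product(*columns)}


def candidate_pins(words=WORDS, grid=GRID):
    """Map each word that fits the grid to the set of PINs it could stand for."""
    fitting = {}
    for word in words:
        pins = pins_for_word(word, grid)
        if pins:
            fitting[word] = pins
    return fitting


def guess_odds(n_candidates, attempts=3):
    """Chance of hitting one uniformly chosen candidate within `attempts` tries."""
    return min(1.0, attempts / n_candidates)


if __name__ == "__main__":
    for word, pins in sorted(candidate_pins().items()):
        print(word, sorted(pins))
    print("no grid, 10^4 PINs:", guess_odds(10_000))   # about 1 in 3000
    print("grid, 24 candidate words:", guess_odds(24))  # 1 in 8
```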

Some banks allow customers to choose their own PINs, and it is believed that about a third use a birthday.