Friday, February 20, 2004

I would like to briefly discuss the impending ATM PIN disaster.

I, like most people, am careful to ensure the privacy and security of my financial situation. As such, I have adopted the conservative position of changing the PIN number on my bank account on a nightly basis using a hashing algorithm to produce a sequence of non-repeating 4-digit numbers. Now my bank does not allow PINs to start with zero, so there are 9000 possible codes to choose from (8999 if you count that I would never use 1234 -- which is the code some idiot would put on his luggage).

I figure that I have already used approximately 3600 codes in the 10 years that I've had my bank account, which leaves me with around 14 years of PIN codes remaining. I personally won't start to worry for another 4 or 5 years, but what about the people that have had their accounts longer than me, or the paranoid folks who change the PIN 2 or 3 times a day? I'm sure there are millions of Americans that will be bumping up against the 9000 code limit in the next few years.

The financial industry really needs to wake up and get on the ball. As a stopgap measure, migrating to a 5- or 6-digit PIN would be adequate, but why not plan for the future today? I suggest expanding the PIN to 8 digits and modifying all ATM keypads to accept hexadecimal codes. I realize that this might involve some expense, but I can assure you that it is MUCH cheaper than having to reuse previous, possibly compromised, codes.

P.S. For all those assholes that are going to point out that PIN already includes the word 'number' and thus 'pin number' is redundant, I say F--K YOU.
