PIN vs. password: which one is more secure?
  • By Chad Hammond, a digital security expert at Nord
  • Approved 2019.10.18 11:11

A digital security expert explains when you should use a PIN and when a password
Image source: nordpass.com

As users of this digital age, we have many different choices. You can enable or disable web cookies, depending on how much information you want a website to gather about you. You can use encrypted services or unencrypted ones, depending on how much you’re concerned about your privacy and security.

You can also use a PIN (Personal Identification Number) or password to secure your digital devices or online accounts. However, in this particular case, the choice for most of us is not as straightforward as it seems.

The other day I also had the same discussion among my friends with three different sides of opinion. One side was backing PINs and claiming that they are safer than passwords. Others couldn't believe that PINs made up of four, six, or eight digits can be more reliable than long and complex passwords. And the third group was claiming that both PIN and password serve the same purpose of identification and are safe to use. All sides had valuable insights, but we couldn’t reach an agreement. Sparked by this discussion, I decided to look deeper into this topic and look for the truth.

When should you use a PIN?

PIN stands for Personal Identification Number and is used the same way as a password: to prove that you have the right to access your data. A PIN usually consists of a string of four to eight numbers, and it was first introduced in the 1960s together with cash machines (ATMs). The obvious drawback is that a PIN is limited to the numerical digits 0-9. A PIN made up of four numbers offers 10,000 possible combinations. That may seem like an easy nut to crack, but it’s not as straightforward.

PINs are normally used on touchscreen devices and always require manual data entry. An automated brute-force attack may not work, as most systems that use a PIN also specify a maximum number of attempts before disabling the device.

For example, if your device limits PIN entry to six attempts, there is a 0.06% chance that someone will be lucky enough to crack the four-digit code. Of course, if your PIN is ‘0000’ or ‘1234,’ the probability of being hacked increases massively.

When should you use a password?

A good password is a combination of numerical digits, upper- and lowercase letters, and various special characters. It could also be a phrase made up of words with the same requirements. Like the PIN, the password concept first appeared in the early 1960s and has been used ever since. A 10-character password has 59,873,693,923,837,900,000 different variations, and most of you are probably thinking you know which of the two is more secure. However, it's not all about mathematics.

Passwords are used online or for devices like computers, which usually don't have any limits on failed attempts. That’s why passwords can be compromised with the help of an automated brute-force attack. Of course, not all attacks are practical, as most of them would take years to crack a strong password. But hacking technologies are evolving fast, making such attacks more sophisticated and successful.

Password vs. PIN: the verdict

Going back to the discussion that I had with my friends, we can safely say that all the opinions were correct in one way or another. The answer to this question depends on where you use your PIN or password.

If you want to unlock your touchscreen device, the safest and easiest way is to use a PIN because of the manual entry and the attempt limit. When it comes to online accounts or computers, passwords are much safer due to the simple math of available combinations.
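The comparison above, worked through as an added Python example (not part of the original article): it reproduces the article's combination counts and shows an attempt limit stopping in-order guessing of a PIN. The 95-character alphabet (printable ASCII, which matches the article's 10-character figure), the sample PINs and all class and function names are assumptions made for illustration.

```python
import hmac

PRINTABLE_ASCII = 95  # assumption: alphabet size matching the article's 10-character figure

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible secrets of exactly `length` symbols."""
    return alphabet_size ** length

def guess_probability(space: int, attempts: int) -> float:
    """Chance that `attempts` distinct guesses hit a uniformly random secret."""
    return min(attempts, space) / space

class LockoutVerifier:
    """Checks a secret and disables itself after `max_attempts` failures."""
    def __init__(self, secret: str, max_attempts: int = 6):
        self._secret = secret.encode()
        self.max_attempts = max_attempts
        self.failures = 0

    @property
    def locked(self) -> bool:
        return self.failures >= self.max_attempts

    def verify(self, guess: str) -> bool:
        if self.locked:
            return False  # disabled: even the correct PIN is refused
        if hmac.compare_digest(guess.encode(), self._secret):
            self.failures = 0  # a successful entry resets the counter
            return True
        self.failures += 1
        return False

def run_guesses(verifier: LockoutVerifier, candidates) -> tuple[bool, int]:
    """Submit candidates in order until success or lockout; return (found, tries)."""
    tries = 0
    for candidate in candidates:
        if verifier.locked:
            break
        tries += 1
        if verifier.verify(candidate):
            return True, tries
    return False, tries

ALL_PINS = [f"{n:04d}" for n in range(keyspace(10, 4))]  # "0000" .. "9999"

if __name__ == "__main__":
    print(keyspace(10, 4), f"{guess_probability(10_000, 6):.2%}")
    print(keyspace(PRINTABLE_ASCII, 10))
    print(run_guesses(LockoutVerifier("7391"), ALL_PINS))  # constructed sample PIN
    print(run_guesses(LockoutVerifier("1234"), ["0000", "1234"] + ALL_PINS))  # weak PIN
```

The limit only helps when the PIN is not among the first few values anyone would try, which is why the weak PIN falls inside the six allowed attempts while the other one triggers the lockout.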

Also, you can enable multi-factor authentication (2FA) in most online accounts. 2FA adds another layer of safety, minimizing the risks of automated brute-force attacks. Even if someone manages to get your strong password, they won't be able to access your account, as the second step of verification will stop them.

About NordPass

NordPass is a new-generation password manager shaped with cutting-edge technology, zero-knowledge encryption, simplicity, and intuitive design in mind. It securely stores and organizes passwords by keeping them in one convenient place. NordPass was created by the cybersecurity experts behind NordVPN.



  • Copyright (C) Korea IT Times, All rights reserved.