In an age when almost every single business requires its employees to use at least a 6-character password consisting of both alphabetical and numeric characters, how the hell does the US financial industry get away with requiring only a four-digit numeric PIN? Don’t get me wrong, certainly I understand the concept of two-factor authentication… First the bank customer must provide a valid ATM card, and second they must provide a valid PIN. Undoubtedly, this two-tier combination, in conjunction with an account lock-out after multiple erroneous login attempts, makes the whole financial system seem more secure.
But the real question is: How many numskulls use that same PIN number as a password for their computer accounts where an administrator isn’t actively enforcing strong password restrictions? The point here is that while the common financial PIN number is certainly lacking in many areas of modern-day security, there is a bigger picture. The association of the PIN number with the idea that the financial industry must be utilizing strong computer account security measures could easily lead to a disastrous misconception in the average computer user’s mind. “Well, if four digits is good enough for my bank account, it must be good enough for my e-mail account.”
Oh, by the way, Angel hacked my PIN number last night… and she hacked your PIN number too. It appears in the list below:
0000 0001 0002 0003 0004 0005 0006 0007 0008 0009
0010 0011 0012 0013 0014 0015 0016 0017 0018 0019
0020 0021 0022 0023 0024 0025 0026 0027 0028 0029
0030 0031 0032 0033 0034 0035 0036 0037 0038 0039
0040 0041 0042 0043 0044 0045 0046 0047 0048 0049
0050 0051 0052 0053 0054 0055 0056 0057 0058 0059
0060 0061 0062 0063 0064 0065 0066 0067 0068 0069
0070 0071 0072 0073 0074 0075 0076 0077 0078 0079
0080 0081 0082 0083 0084 0085 0086 0087 0088 0089
0090 0091 0092 0093 0094 0095 0096 0097 0098 0099
0100 0101 0102 0103 0104 0105 0106 0107 0108 0109