PIN Security Concerns

The cluster discusses the security strengths and weaknesses of PIN codes, especially 4-digit ones, for phones, bank cards, and accounts, debating brute-force risks, rate limiting, hardware protections, and alternatives like longer PINs or passphrases.

📉 Falling 0.3x Security

2,987

Comments

Years Active

Top Authors

#2487

Topic ID

Activity Over Time

2008

2009

2010

2011

103

2012

162

2013

201

2014

166

2015

151

2016

265

2017

245

2018

181

2019

215

2020

217

2021

176

2022

188

2023

278

2024

207

2025

153

2026

Top Contributors

lxgr (17) gruez (9) vel0city (9) lisper (8) Dylan16807 (8)

Keywords

e.g US SSN ID ATM PIN UK samsung.com ATT SMS pin digit password pins digits phone brute passwords account secure

Sample Comments

7v3x3n3sem9vv • Sep 23, 2022 • View on HN

if you're paranoid don't use a 4 digit PIN. use a passphrase. problem solved

Dylan16807 • Mar 10, 2017 • View on HN

It is an option. Make them use a randomized keypad when setting the pin, and make them enter it three times.

bowlofpetunias • Oct 1, 2013 • View on HN

4 digits pin codes aren't passwords either. Sometimes good enough is good enough.

benologist • Sep 12, 2013 • View on HN

What's to stop them from mutilating you until you reveal your pin?

greenleafjacob • Aug 14, 2016 • View on HN

The 4 digit PIN is rate limited. How is that a single point of failure?

IshKebab • Oct 20, 2015 • View on HN

Not a bad idea, except there's a limit on the number of attempts. Otherwise you could easily brute force the PIN.

isykt • Oct 10, 2023 • View on HN

Why is a pin more secure than a password?

LorenPechtel • Mar 19, 2023 • View on HN

A PIN is a de-facto very weak password. Of course it can be brute forced!

u801e • Apr 9, 2018 • View on HN

It would be nice if they would start requiring a PIN.

knodi123 • Jun 10, 2016 • View on HN

I guess it's time to move to a 5-digit PIN in order to prevent this sort of leak from being feasible in the future.