Digital security expert explains when you should use a PIN and when a password
By Chad Hammond, digital security expert at NordPass
Special to the Orlando Advocate
October 17, 2019. As users of this digital age, we have many different choices. You can enable or disable web cookies, depending on how much information you want a website to gather about you. You can use encrypted services or unencrypted ones, depending on how much you’re concerned about your privacy and security.
You can also use a PIN (Personal Identification Number) or password to secure your digital devices or online accounts. However, in this particular case, the choice for most of us is not as straightforward as it seems.
The other day I also had the very same discussion among my friends with three different sides of opinion. One side was backing PINs and claiming that they are safer than passwords. Others couldn’t believe that PINs made up of four, six, or eight digits can be more reliable than long and complex passwords. And the third group was claiming that both PIN and password serve the same purpose of identification and are safe to use. All sides had valuable insights, but we couldn’t reach an agreement. Sparked by this discussion, I decided to look deeper into this topic and look for the truth.
When should you use a PIN?
PIN stands for Personal Identification Number and is used in the same way as a password: to prove that you have the right to access your data. A PIN usually consists of a string of four to eight digits, and it was first introduced in the 1960s together with cash machines (ATMs). The obvious drawback is that a PIN is limited to the digits 0-9. A PIN made up of four digits offers 10,000 possible combinations. That may seem like an easy nut to crack, but it’s not that straightforward.
PINs are normally used on touchscreen devices and always require manual data entry. An automated brute-force attack may not work, as most systems that use a PIN also specify a maximum number of attempts before disabling the device.
For example, if your device limits PIN entry to six attempts, there is a 0.06% chance that someone will be lucky enough to crack the four-digit code. Of course, if your PIN is ‘0000’ or ‘1234,’ the probability of being hacked increases massively.
When should you use a password?
A good password is a combination of numerical digits, upper- and lowercase letters, and various special characters. It could also be a phrase made up of words with the same requirements. Like the PIN, the password concept first appeared in the early 1960s and has been used ever since. A 10-character password has 59,873,693,923,837,900,000 different variations, and most of you are probably thinking you know which of the two is more secure. However, it’s not all about mathematics.
Passwords are used online or for devices like computers, which usually don’t have any limits on failed attempts. That’s why passwords can be compromised with the help of an automated brute-force attack. Of course, not all attacks are practical, as most of them would take years to crack a strong password. But hacking technologies are evolving fast, making such attacks more sophisticated and successful.
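The numbers in the PIN and password sections above can be checked with a short model. This is an added example, not part of the original article: it implements a PIN check that disables itself after a fixed number of wrong entries, counts how many of the 10,000 four-digit PINs sequential guessing can reach before lockout, and computes the password keyspace. The six-attempt limit comes from the text; the 95-character alphabet is an assumption inferred from the article's 10-character figure, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os
from fractions import Fraction


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct secrets of a fixed length over an alphabet."""
    return alphabet_size ** length


def guess_success_probability(space: int, attempts: int) -> Fraction:
    """Chance that `attempts` distinct guesses hit a uniformly random secret."""
    return Fraction(min(attempts, space), space)


class LockingVerifier:
    """PIN check that disables itself after `max_attempts` wrong entries."""

    def __init__(self, pin: str, max_attempts: int = 6):
        self._salt = os.urandom(16)
        self._digest = self._hash(pin)
        self.remaining = max_attempts

    def _hash(self, pin: str) -> bytes:
        # Salted SHA-256 for brevity: the attempt limit protects the PIN here.
        return hashlib.sha256(self._salt + pin.encode()).digest()

    def verify(self, candidate: str) -> bool:
        if self.remaining <= 0:
            return False  # disabled: even the correct PIN is refused
        if hmac.compare_digest(self._hash(candidate), self._digest):
            return True
        self.remaining -= 1
        return False


def pins_recovered_before_lockout(max_attempts: int = 6) -> int:
    """For every 4-digit PIN, guess 0000, 0001, ... until success or lockout."""
    recovered = 0
    for secret in range(keyspace(10, 4)):
        device = LockingVerifier(f"{secret:04d}", max_attempts)
        guess = 0
        while device.remaining > 0:
            if device.verify(f"{guess:04d}"):
                recovered += 1
                break
            guess += 1
    return recovered
```

With a six-attempt limit only 6 of the 10,000 PINs are reachable, which is the article's 0.06%, while `keyspace(95, 10)` returns 59,873,693,923,837,890,625, the exact value behind the rounded password figure.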
Password vs. PIN: the verdict
Going back to the discussion that I had with my friends, we can safely say that all the opinions were correct in one way or another. The answer to this question depends on where you use your PIN or password.
If you want to unlock your touchscreen device, the safest and easiest way is to use a PIN because of the manual entry and the attempt limit. When it comes to online accounts or computers, passwords are much safer due to the simple math of available combinations.
Also, you can enable multi-factor authentication (2FA) in most online accounts. 2FA adds another layer of safety, minimizing the risks of automated brute-force attacks. Even if someone manages to get your strong password, they won’t be able to access your account, as the second step of verification will stop them.