Main Page | See live article | Alphabetical index

Personal identification number

A personal identification number (PIN) is a numeric value that is used in certain systems to gain access, and authenticate. PINs are (ideally) only known by the person whose PIN it is, and are sufficiently hard to guess. The PIN should be such that a person, or computer cannot guess it in sufficient time by using a guess and check method, where it guesses the PIN, and checks for correctness by testing it of the system that the person is attempting to gain access to.

PINs are a type of password.

PINs are most often used for ATMss in which case they are 4-digit number from 0000-9999, this means that an attacker would need to guess an average of 5000 times to get the correct PIN. They are sometimes used for online systems instead of passwords severely compromising its security (see password for more details)

In 2002 two Phd students at Cambridge University, Piotr Zielinski and Mike Bond, discovered a security flaw in the PIN generation system of the IBM 3624, which was duplicated in most later hardware. This has meant most ATM's are vulnerable to an attack known as the decimalization table attack which means that someone who can access ATM hardware can guess a PIN in an average of 15 guesses.