Talk:Personal identification number
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||||||||||||||
|
PIN Hack
[edit]In 2002 two PhD students at Cambridge University, Piotr Zielinski and Mike Bond, discovered a security flaw in the PIN generation system of the IBM 3624, which was duplicated in most later hardware. This has meant most ATM's are vulnerable to an attack known as the decimalization table attack which means that someone who can access ATM hardware can guess a PIN in an average of 15 guesses.
I've removed the above from the article, because it is somewhat misleading. For one thing, the proportion of the article taken up with it lends it undue weight, when it is actually of very little interest to anyone other than a bank manager. The exploit described is not in fact in ATM hardware, but in internal bank computing systems - a bank employee would probably have to have passed security screenings before they could access the systems on which the attack is possible. Nonetheless, it may bear insertion somewhere, and for reference, here's the research paper as a PDF [1] - IMSoP 05:27, 9 Mar 2004 (UTC)
- Rereading it, I agree that the location of the explot should be more clearly stated, but I think you're underestimating how important it is. See http://www.cl.cam.ac.uk/~mkb23/media-coverage.html also Ross Anderson believes some of Bond's attacks have been used in practice.--Imran 14:03, 9 Mar 2004 (UTC)
Pricks?2.97.117.189 (talk) 15:31, 20 December 2015 (UTC)
Request: Pronunciation of PIN
[edit]It would be nice to add whether PIN should be pronounced P-I-N or PIN as in sPINning for foreign readers such as me :) Thanks, Swalot 11:19, 2 November 2006 (UTC)
Criticism
[edit]How are PIN's better than passwords? they are only 4 numbers and have fewer combinations than alphanumeric passwords. This has been removed from the article. 165.230.46.153 20:05, 16 November 2006 (UTC)
hoax tag?
[edit]Is the hoax tag because the page mentions the PIN security hoax (the belief that if you enter your PIN wrongly you can send a request for help if you're mugged in the ATM cubicle)? The article does label that section 'hoax'. Perhaps a little explanation of why such a system would be impossible and a stronger denial of its existence would clarify the section? Rimi talk 06:01, 8 February 2007 (UTC)
- There's no reason for the hox tag that I can see. Talking about a hoax doesn't make the article a hoax. The existence of the software isn't a hoax - I've added an additional link to the article about it, just to clarify, although there were two already. CiaranG 08:27, 8 February 2007 (UTC)
PIN CODE
[edit]2019 —Preceding unsigned comment added by 12.207.88.169 (talk) 10:37, 25 September 2008 (UTC)
Probability question
[edit]How do we get 0.06% chance of guessing a 4-digit random PIN after three attempts? I calculate the probabilty as 1 - ((9,999 / 10 000) * (9,998 / 9,999) * (9,997 / 9,998)) = 0.0003. —Preceding unsigned comment added by 76.21.155.25 (talk) 18:05, 8 June 2009 (UTC)
- The preceding sentence ("some banks do not give out numbers where all digits are identical ... or consecutive ... or numbers that start with one or more zeroes") implies that the calculations are based on less than 104 possible PINs. (Note: I haven't actually done the calculations.) However the next sentence says "if all PINs are equally likely", implying (to me at least) "all PINs including all digits identical etc". I suggest that the paragraph (especially "all PINs are equally likely") needs rewording to clarify. Mitch Ames (talk) 13:56, 9 June 2009 (UTC)
- The mathmatic formula is sound on the first comment, not to mention if you drop the possibility of all repeating digit PINs (i.e. 8888) there are 10 less numbers to choose from AND if you continue on to eliminate the possibility of PINs that start with 0 then you have reduced the TOTAL number of possible PINs by 1009, if you take away PINs that are consecutive in addition to the previous math it takes away another 6 potential PINs thus vastly increasing your chances of guessing correctly in 3 tries. I calculate the probabilty as 1 - ((8,984 / 8,985) * (8,983 / 8,984) * (8,982 / 8,983)) which, though I don't have a calculator in front of me, I can tell you is a heck of a lot different than the odds presented in the article. WesUGAdawg (talk) 03:44, 16 December 2009 (UTC)
- I have put Citation needed tag on the 0.06% claim. This page http://financial-dictionary.thefreedictionary.com/Personal+Identification+Number quotes the same number but I suspect they got it from this article. FrankSier (talk) 15:33, 25 February 2013 (UTC)
1512034
[edit]hi —Preceding unsigned comment added by 124.253.122.115 (talk) 04:42, 20 April 2011 (UTC)
PIN's are not necessarily numeric anymore
[edit]Many services and websites started off using PIN as "Personal Identification Number". However, over time they have evolved the usage to extend to non-numberic values as well. So PIN is not necessarily and anachronism anymore. One example that comes to mind that I use every day is my RSA token. I have a "PIN" assigned to that, but the "PIN" is not numeric. — Preceding unsigned comment added by Docbillnet (talk • contribs) 14:58, 7 October 2011 (UTC)
- Can you provide some references for this use of "PIN" for non-numeric password? If so, we can update the article to mention the semantic change of the "word". Mitch Ames (talk) 15:11, 7 October 2011 (UTC)
outdates info?
[edit]the article says the following: "Throughout Europe and Canada the traditional in-store credit card signing process is increasingly being replaced with a system in which the customer is asked to enter their PIN instead of signing" I've had a debet card since 1998 and have never not used my PIN. I do remember(as a child) my mother signing something in the 80's but here (Denmark) the replacement is long over, and i'm wondering if it's the same case anywhere else.94.145.236.194 (talk) 14:47, 8 December 2011 (UTC)
card-not-present
[edit]We now have several US suppliers demanding the "ATM PIN", ie the card PIN, for internet transactions. Presumably, this enables them to avoid the Card-Not-Present transaction fees. I haven't seen any documentation about this.
The Web is full of old documention saying that the PIN will not be required for Card-Not-Present transactions, and our (AUS) banks don't know anything about it either.
Any further information would be welcome. — Preceding unsigned comment added by 203.206.162.148 (talk) 03:22, 3 May 2012 (UTC)
"PIN number" erroneous?
[edit]At present the lead states that the usage "PIN number" is erroneous. The link given for 'erroneously' goes to the article RAS syndrome, and that article itself gives reasons, I think, for not considering the usage to be erroneous.
The usage is very common (examples: The most common pin numbers: is your bank account vulnerable?,Have only one PIN number? It's YOUR fault if your cash is stolen, ATM PIN Number Reversal hoax email) and could probably be counted as the standard usage, or at least a standard uasge. FrankSier (talk) 14:54, 25 February 2013 (UTC)
- Yeah. Unlike others like "ATM machine" which are clearly redundant, "PIN number" is not completely redundant. There are other types of pins. 4.238.1.82 (talk) 22:47, 27 March 2013 (UTC)
- There are many other types of ATM as well - not all of them machines. Mitch Ames (talk) 09:29, 29 March 2013 (UTC)
Update to Intro
[edit]I just changed a sentence in the introduction because I thought it was possibly to misinterpret as suggesting that PINs have not been used in the UK or Ireland at all prior to the Chip and PIN campaign.
The previous text was "In the UK and Ireland this goes under the term 'Chip and PIN', since PINs were introduced at the same time as EMV chips on the cards."
I also added a reference. Stardarks (talk) 16:03, 3 December 2013 (UTC)
PINs that are not PINs
[edit]I've simplified the 3rd paragraph of the lead, which describes PINs in non-ATM/EFTPOS environments. If it's not described as a PIN, not subject to the formatting requirements of a PIN (4-12 numeric characters), is it really a PIN?
Note that this previous edit:
mayare not be subject to the formatting limitation ...
is not valid. A web site may limit PINs to those that meet ISO 9564. Eg, Qantas frequent flyer PINs are limited to four digits. Mitch Ames (talk) 03:51, 27 April 2014 (UTC)
Support for and truncation of PINs longer than 4 digits
[edit]Personal identification number#PIN length says that:
Not all networks support entry of PINs longer than six digits, and many networks truncate the PIN to four digits.
I suspect that the use of the word "network" is misleading or incorrect. Typically if the PIN is being transmitted over a network (ie not verified locally by the ATM or EFTPOS terminal) the PIN entry device will encrypt the PIN then send the encrypted PIN block to the card issuer and/or bank, which will decrypt and verify it. It is not possible to truncate the PIN while it is encrypted, so it must either be truncated by the PIN entry device (before encryption) or by the bank verifying it (after encryption). I suspect that truncation would happen at the entry device, but don't have a reference to support that. (A few years ago an Australian bank, which supported PINs longer than 4 digits, advised me to change my 6-digit PIN to 4 digits before going overseas, because some overseas ATMs would not accept more than 4 digits.) If someone could dig up a reference for the truncation, we could fix that sentence in the article to be more accurate. Mitch Ames (talk) 12:05, 13 June 2014 (UTC)
- I have had a similar experience, but I also do not have a reference (it was a verbal advice), and I'm also not sure what the network mechanism is. Enthusiast (talk) 03:49, 14 June 2014 (UTC)
- This updated version of the article said:
Not all networks support entry of PINs longer than six digits, and many networks can only accept four digit PINs.
- This wording has the same problem - the network typically transmits an encrypted PIN block, containing a PIN whose length is unknown to the network. The PIN entry device is what limits the "entry of PINs longer than six digits".
- So I've updated the article accordingly - but we still need a reference. Mitch Ames (talk) 08:57, 14 June 2014 (UTC)
- I think this edit is too much irrelevant detail. While it is probably true that the limit is imposed by software rather than hardware, that distinction is not relevant in this context; most readers of the article and/or users of an ATM are not going to care about the difference. (The distinction might be relevant in the automated teller machine or PIN pad articles, but not here.) Also "most" (vs "not all") and "software" are more specific statements that we have no references for. (The earlier version is also unreferenced, but - being more general - ought to be easier to find a reference for.)
- I propose reverting to the earlier, simpler description. If you really think it matters we could use the more verbose "Not all ATM and EFTPOS terminals support entry of PINs longer than six digits ...", but I really don't think we should make the distinction between hardware and software. Mitch Ames (talk) 03:45, 15 June 2014 (UTC)
- This updated version of the article said:
Card not present, 2014-06
[edit]This edit says that PINs are used in card not present transactions, but that is definitely not the case in Australia, where there are as many as four independent authentication codes:
- the ATM/EFTPOS PIN
- the card security code, visibly printed on the card, used for telephone or internet credit card transactions
- the telephone banking code, numeric-only for entry on a touch tone phone, typically quite short (eg 3 digits with Westpac)
- the online banking password
The last two typically allow account enquiries and transfers between customer's own bank accounts and BPAY bill payment, possibly payments to other peoples' bank accounts, but not general purchases. The Australian banks make a point of using different terms for each, and not using "PIN" to refer to anything other than the ATM/EFTPOS PIN.
Perhaps is other countries, the ATM/EFTPOS PIN is used for internet/phone transactions/banking, but if that is the case:
- The article needs to explicitly mention that different countries have different rules
- References should be provided.
(This matter was raised a couple of years ago in #card-not-present, but there was no follow-up.) Mitch Ames (talk) 02:53, 15 June 2014 (UTC)
Key-balls mapped St. Lucía?
[edit]- Peggy 8 June 1904 8 June 2002 (aged 98)
- Elspeth 8 June 1925 8 June 1990 (aged 65)
- Arma 8 June 1937 8 June 1997 (aged 60)
- Margaret 8 June 1932 8 June 1997 (aged 65)
- Joyce 8 June 1935 8 June 1990 (aged 55)
- June 8 June 1940 8 June 2000 (aged 60)
- Shirley 8 June 1941 8 June 2002 (aged 61)
- Isabelle 8 June 1942 8 June 1997 (aged 55)
- Yvonne 8 June 1947 8 June 2018 (aged 71)
- Phyllis 8 June 1945 8 June 2007 (aged 62)
- Cathy 8 June 1948 8 June 1990 (aged 42)
- Marion 8 June 1948 8 June 2006 (aged 58)
- Lynnette 8 June 1951 8 June 2012 (aged 61)
- Carol M D 8 June 1953 8 June 2002 (aged 49)
- Angie B H F 8 June 1954 8 June 2016 (aged 62)
- Carol M S 8 June 1955 8 June 2007 (aged 52)
- Angie W G 8 June 1957 8 June 2018 (aged 61)
- Fee 8 June 1959 8 June 2007 (aged 48)
- Susann 8 June 1960 8 June 2021 (aged 61)
- Nikki B H F 8 June 1964 8 June 2016 (aged 52)
- Veronica 8 June 1964 8 June 2018 (aged 54)
- Allison 8 June 1966 8 June 2018 (aged 52)
- Laura W G 8 June 1967 8 June 2019 (aged 52)
- Lynn 8 June 1967 8 June 2019 (aged 52)
- Liz B H F 8 June 1971 8 June 2016 (aged 45)
- Brenda 8 June 1971 8 June 2002 (aged 31)
- Dawn 8 June 1971 8 June 2019 (aged 48)
- Wanda 8 June 1977 8 June 2002 (aged 25)
- Julie W F 8 June 1977 8 June 2001 (aged 24)
- Laura B 8 June 1978 8 June 1992 (aged 14)
- Louise B H F 8 June 1979 8 June 2014 (aged 35)
- Kerrier 8 June 1979 8 June 1997 (aged 18)
- Marcia 8 June 1980 8 June 1992 (aged 12)
- Donna 8 June 1981 8 June 2006 (aged 25)
- Claire 8 June 1982 8 June 2006 (aged 24)
- Jo M S 8 June 1985 8 June 2010 (aged 25)
- Jo M D 8 June 1984 8 June 2002 (aged 18)
- Ruth B H F 8 June 1989 8 June 2014 (aged 25)
- Laura B H F 8 June 1991 8 June 2016 (aged 25)
- Paige B H F 8 June 1991 8 June 2015 (aged 24)
- Kirsty 8 June 1992 8 June 2012 (aged 20)
- Amey 8 June 1992 8 June 2016 (aged 24)
- Ella 8 June 1993 8 June 2018 (aged 25)
- Lois 8 June 1993 8 June 2015 (aged 22)
- Harriet 8 June 1997 8 June 2016 (aged 19)
- Ashleigh H F 8 June 1998 8 June 2016 (aged 18)
- Leighann 79.77.211.67 (talk) 8 June 1999 8 June 2016 (aged 17)
My phone broke I don't have it anymore I don't have access to my Gmail phone number or my cash app I have locked my card cause I didn't want anything taking off it with out it being me that was doing it how do I get in to my card I. Have a new account card same name just new account and gmail
[edit]Plz help me revondaprice22@gmail.com 165.166.100.78 (talk) 19:00, 23 June 2022 (UTC)
Olvide mi contraseña 64.127.156.125 (talk) 11:14, 9 August 2023 (UTC)
Daniel zapata
[edit]Olvide mi contraseña 64.127.156.125 (talk) 11:15, 9 August 2023 (UTC)
- Olvide mi contraseña 64.127.156.125 (talk) 11:16, 9 August 2023 (UTC)
- C-Class Computer Security articles
- High-importance Computer Security articles
- C-Class Computer Security articles of High-importance
- C-Class Computing articles
- High-importance Computing articles
- All Computing articles
- All Computer Security articles
- C-Class Finance & Investment articles
- High-importance Finance & Investment articles
- WikiProject Finance & Investment articles