
When it comes to 4 or 6 digit pins, it's almost impossible to ensure that no pin has been used before. At 8 digits, you might as well be using diceware anyway.



At least by not allowing 4 you get rid of the two most common lazy date formats (and YYYY)


Nothing prevents users from using 0YYYY or 0DDMM/0MMDD.

Every time some site ridiculously insists I "use a more secure password", I sigh and add "A1!$" to the end of my 32-character alphanumeric random string.


Does it matter if you can bruteforce a 4 digit pin in a day, if there's no TPM guarding it?



