
Windows 10 Quick Tips – PIN Or Password?

Passwords And PINs

Passwords are a secret. They are a secret you share with any one of the estimated 200 million active websites on today’s Internet. (There are actually over 1.8 billion, but by far most of these — roughly 75% — are placeholder, or “parked” domains.) This information was gleaned from InternetLiveStats if you’d like to learn more.

A Personal Identification Number (PIN) is usually a simple set of four digits, although some companies will allow the use of alphanumeric strings. The burning question here is whether a password or a PIN offers greater security, and this week’s Quick Tips article will try to answer it for you.

Let’s Begin With PINs

PIN is an acronym for Personal Identification Number. (It makes me cough when people refer to a PIN ‘number’. Or a VIN ‘number’. Would you normally say, “Personal Identification Number number”? Of course not.)

Whereas a password is shared with an outside entity, a PIN is attached to, or associated with, a device such as a laptop computer. If a crook steals your laptop, and it is protected by a password, then the bad guy could theoretically “brute force” that password and gain access to your machine. A PIN, in this case, is better. It is associated with the hardware itself, and not an outside entity like a website.

A normal reaction would be to say that a 4-digit PIN couldn’t possibly be as secure as a strong 16-character password, and that seems to make sense, but in this case it isn’t necessarily true. That’s because a PIN is protected by a Trusted Platform Module (TPM). The TPM will lock after a set number of failed login attempts. The bad guy only has a limited number of tries, so a brute-force attack won’t work. Of course, the scumbag could get lucky and hit upon the correct PIN right off, but the odds are slim: there are 362,880 possible combinations using the numbers 1-9.

Incidentally, many websites these days employ a similar technique for the same reason. DCT, for example, will block, for a period of time, anyone who makes several failed password attempts. This helps to dissuade abuse of the system.

Note: If your computer is not equipped with a TPM chip, using BitLocker can achieve the same result.

How About Passwords

A PIN can’t be effectively used when signing in to a website. PINs are short and are therefore easy to crack, so a password becomes necessary. Passwords should be long and strong. 16 characters is a good length these days (it used to be 8), and by “strong” I mean that it should contain at least one number, one special character (e.g., !@#$%^&*()), and both upper-case and lower-case letters. Even using a very fast computer, it could take hundreds of years to “brute force” a good password. (You can do the math if you like, but I’ll pass on this one.)
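To put numbers on the attempt-limit paragraph and the password brute-force paragraph above, here is an added Python example (not part of the original article). The lockout threshold of 32, the 94-character alphabet and the rate of 10^12 guesses per second are assumptions, and LockoutGate is a toy model of an attempt limiter, not how a TPM is implemented.

```python
import secrets

class LockoutGate:
    """Toy attempt limiter: refuses all guesses after max_failures wrong ones."""
    def __init__(self, secret: str, max_failures: int):
        self._secret = secret
        self._max = max_failures
        self.failures = 0

    @property
    def locked(self) -> bool:
        return self.failures >= self._max

    def try_unlock(self, guess: str) -> bool:
        if self.locked:
            raise PermissionError("locked out")
        if secrets.compare_digest(guess, self._secret):  # constant-time compare
            self.failures = 0
            return True
        self.failures += 1
        return False

def sequential_attack(gate: LockoutGate, digits: int = 4):
    """Try 0000, 0001, ... until success or lockout; return (cracked, guesses)."""
    for n in range(10 ** digits):
        if gate.locked:
            return False, n
        if gate.try_unlock(f"{n:0{digits}d}"):
            return True, n + 1
    return False, 10 ** digits

def online_guess_success(keyspace: int, attempts_allowed: int) -> float:
    """Chance of hitting a uniformly random secret before the lockout."""
    return min(attempts_allowed, keyspace) / keyspace

def offline_years(alphabet: int, length: int, guesses_per_second: float) -> float:
    """Years to exhaust the full keyspace when nothing limits attempts."""
    return alphabet ** length / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    MAX_FAILURES = 32   # assumed threshold; the article only says "a set number"
    RATE = 1e12         # assumed offline guess rate per second
    gate = LockoutGate("7351", MAX_FAILURES)   # constructed sample PIN
    print("attack on limited PIN:", sequential_attack(gate))
    print("odds before lockout  :", online_guess_success(10 ** 4, MAX_FAILURES))
    print("8 chars, offline     :", offline_years(94, 8, RATE), "years")
    print("16 chars, offline    :", offline_years(94, 16, RATE), "years")
```

The same 4-digit PIN without the gate falls in at most 10,000 guesses, which is why the attempt limit, not the PIN length, carries the protection.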

Password Managers

Due to the complexity needed to create a good password, and to the strongly recommended one-time usage of each password, a password manager becomes a necessary tool. I don’t know about you, but I can’t remember hundreds of complex passwords; my brain doesn’t work that way. There are many good password managers available on the Internet. To make it easier for you, many excellent ones are free. Here are some recommendations for you to consider:

For your information, I use LastPass. Even the free version has many useful features. The above video mentions it as a top pick and I concur.

Which Is Better?

The only right answer is that it depends. If you want to protect a device at a local level, then a PIN is the way to go. Microsoft even offers the option of using a PIN instead of a password to sign in to your account, and it is necessary to create a PIN if you want to use biometric login solutions. (This is a fallback mechanism in case your fingerprint reader fails for some reason.)

As always, if you have any helpful suggestions, comments or questions, please share them with us,

Richard

 

5 thoughts on “Windows 10 Quick Tips – PIN Or Password?”

  1. Hello Richard. I just love watching a show/movie where someone is using some electronic gadget and you hear a voice saying “got three of the six numbers so far”. As you mentioned, each try starts from the beginning. Sad fact is some actually believe this Hollywood nonsense. Excellent article, Mindblower!

  2. The thought of someone hacking LastPass and getting all of my passwords at once is keeping me from using these programs. But I really need one.

  3. I have to disagree with the implication in the paragraph about PIN possibilities. While there may be 362,880 combinations for the numbers 1-9, there are only 6561 4-digit combinations and only 10,000 4-digit combinations for the numbers 0-9.

    1. Richard Pedersen

      Hi Vince,
      I just knew it! I just knew someone, somewhere would pick on that number! 🙂

      I’m not a mathematician, and I don’t want to begin a debate regarding calculation methods of combinations and permutations.
      What I don’t understand is why the 4-digit combinations mean anything at all when discussing brute-force cracking methods, and why you’d even bring it up at all.
      What possible difference could it make…

      It really has nothing to do with the main gist of the article,
      Richard
