Here's Why Your ATM PIN Has Just Four Digits But Your Email Password Has To Be More Complex

14 January, 2018

With the number of hackers and scam artists online, passwords are our first line of defense for everything from our bank accounts to our emails, our social media profiles, and other online services.

But have you ever wondered why there’s such a disparity between password types? For years we’ve been told that passwords should be at least 8 characters long and should mix numbers and other characters, yet no one ever questions why a 4-digit PIN suffices for your ATM card or an OTP. Well, there’s a simple explanation really.

As far as identity verification goes, lots of services prefer multiple levels of redundancy, which is great. It’s a little inconvenient to go through two levels of security just to buy something online, but your money is that much safer. Underneath this, there are three basic identification factors, and at least two of them need to be satisfied at all times to achieve even the most basic security:

What you know, what you have, and what you are.

Consider your online banking system. Here, you need a login and password to carry out transactions, and most likely also an OTP sent to your phone or the numbers printed on the back of your debit card. That fulfills the “what you know” factor (your password) as well as the “what you have” factor (the registered phone or card). That’s good security protocol. Also acceptable is a 4-digit PIN when you visit the ATM: here you know your PIN and you have your card, so that’s two out of three again. That’s why just four digits is enough.

Now consider your email or social media account. Unless you’ve turned on two-step verification, all you need is your username and password. In this case there’s no “what you have” component, so the component you “know” has to be more secure on its own. Hence, at least eight characters that aren’t easily guessed.

What’s the “what you are” component, you ask? That’s simple: it’s your biometric identity. If you lock your smartphone, you don’t need to type in a code if you have your fingerprint registered. You don’t need to swipe a pattern if your face unlocks the device, because no one else has your face. It fulfills both “what you have” and “what you are”.
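To make the rule above concrete, here is a small model of it in Python. This is an added example, not code from the article or from Nextnews24: it counts how many distinct factor kinds a login presents, and when only a “what you know” factor is present it measures that secret’s guess space in bits (a 4-digit PIN is 10^4 possibilities, about 13 bits; an 8-character password from letters and digits is 62^8, about 48 bits). The 40-bit single-factor threshold, the `Factor` type and the scenario names are assumptions made for the example.

```python
from __future__ import annotations

import math
from dataclasses import dataclass
from typing import Sequence

# The three factor categories the article names.
KNOW = "what you know"
HAVE = "what you have"
ARE = "what you are"


@dataclass(frozen=True)
class Factor:
    """One piece of evidence presented at login (hypothetical type for this example).

    For a 'what you know' factor, `guesses` is the number of equally likely
    secrets an attacker would have to try (10**4 for a 4-digit PIN). Physical
    and biometric factors are not guessed that way, so they default to infinity.
    """
    kind: str
    label: str
    guesses: float = math.inf


def secret_space(alphabet_size: int, length: int) -> int:
    """Number of distinct secrets of `length` symbols drawn from `alphabet_size` symbols."""
    return alphabet_size ** length


def guess_bits(alphabet_size: int, length: int) -> float:
    """Guessing work of a uniformly chosen secret, in bits (log2 of the secret space)."""
    return length * math.log2(alphabet_size)


def distinct_kinds(factors: Sequence[Factor]) -> set[str]:
    """Two PINs are still one kind of factor; only distinct kinds count toward 'two of three'."""
    return {f.kind for f in factors}


# Assumed threshold (not from the article): a little below what an 8-character
# password drawn from letters and digits (62 symbols, ~47.6 bits) offers.
MIN_SINGLE_FACTOR_BITS = 40.0


def meets_policy(factors: Sequence[Factor],
                 min_single_factor_bits: float = MIN_SINGLE_FACTOR_BITS) -> tuple[bool, str]:
    """Apply the article's rule and return (accepted, reason).

    Two distinct factor kinds satisfy the rule regardless of secret length.
    A lone 'what you know' factor must instead carry at least
    `min_single_factor_bits` of guessing work.
    """
    kinds = distinct_kinds(factors)
    if len(kinds) >= 2:
        return True, f"{len(kinds)} distinct factor kinds: {sorted(kinds)}"
    if kinds == {KNOW}:
        weakest = min(f.guesses for f in factors)  # the easiest secret to guess decides
        if not math.isfinite(weakest):
            return False, "knowledge factor without a stated secret space"
        bits = math.log2(weakest)
        if bits >= min_single_factor_bits:
            return True, f"single knowledge factor with {bits:.1f} bits of guess space"
        return False, (f"single knowledge factor with only {bits:.1f} bits; "
                       f"needs >= {min_single_factor_bits:.0f} or a second factor kind")
    return False, "one factor kind only; add a factor of a different kind"


# Constructed scenarios mirroring the article's examples (no real account data).
ATM = [Factor(KNOW, "4-digit PIN", secret_space(10, 4)), Factor(HAVE, "debit card")]
ONLINE_BANKING = [Factor(KNOW, "password", secret_space(62, 8)),
                  Factor(HAVE, "registered phone (OTP)")]
EMAIL_PIN_ONLY = [Factor(KNOW, "4-digit PIN", secret_space(10, 4))]
EMAIL_PASSWORD = [Factor(KNOW, "8-char password", secret_space(62, 8))]
PHONE_FACE = [Factor(HAVE, "the phone itself"), Factor(ARE, "face")]

if __name__ == "__main__":
    scenarios = [("ATM", ATM), ("online banking", ONLINE_BANKING),
                 ("email, PIN only", EMAIL_PIN_ONLY),
                 ("email, 8-char password", EMAIL_PASSWORD),
                 ("phone, face unlock", PHONE_FACE)]
    for name, scenario in scenarios:
        ok, why = meets_policy(scenario)
        print(f"{name:24s} {'OK' if ok else 'NO'}  {why}")
```

Running the block shows the article’s point directly: the ATM and the phone pass on two factor kinds even though the PIN alone is only about 13 bits, while the same PIN as the sole secret for an email account fails and only the 8-character password clears the single-factor bar. Note that two secrets of the same kind (two PINs) still count as one kind.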

That’s why FaceID on the iPhone X unlocking for people with similar features or being fooled by masks is such a big deal; it goes against basic security principles.
