If a new study by the Cambridge University Computer Laboratory is correct, most of your ATM or debit card PINs are either "1111" or "1234." You may think it's okay because someone would need physical access to your card to use the PIN, right? Wrong. Here's why you should change your PIN right away, and some hacks to help you can remember your new one.
Mashable reports (and the study confirms) that the issue of simple, repetitive, and easy-to-guess PINs is so widespread that if a thief managed to steal enough cards they would be able to walk up to an ATM or go to a store and use every 18th card like cash with the correct PIN. Sure, if you lose your wallet you can just call the bank to have your card canceled and a new one issued to you, but in an age of card skimming, where the thief doesn't need your physical card to make a copy of it for themselves, you may not notice that your account has been compromised until it's too late and your money's been withdrawn. Photo by Cory Doctorow.
The Cambridge University study affirms that most of us are terrible at picking passwords and PINs, especially when they're things we know we'll have to remember, and when they're in the confines of a narrow system like "four digits only." The study also pointed out that we're not terribly private about our PINs either, and close to 50% of the people who participated admitted to sharing their PINs with others freely, and a third of the participants used the same PIN for all of their cards—which is about as bad as using the same password for all of the web sites you log in to. Others thought they were more secure because they used their birthdate as their PIN, forgetting that if their wallet is lost, there's likely some document also in the wallet with their birthdate printed on it.
So whether it's using the same PIN, using your birthdate, writing the PIN down and keeping it in your wallet, or giving out your PIN to other people, you can see why it's time to change it. Even if you know how to keep physical control over your wallet and your ATM and credit cards, it's still more likely that your wallet will be lost or stolen than it is someone breaks into your computer and takes all of your passwords.
When you're ready to change your PIN, come up with four new numbers, and steer clear of numbers that can easily be mapped to information that's readily available about you—or worse, may be in your wallet if it's stolen. Try to avoid pet names mapped out on the keypad, or picking numbers that line up on the keypad and are easily guessed, like "1472" or "3692." Try to avoid the last four digits of your social security number, or your phone number, as well. Once you have a sufficiently random series of digits, here are some tips to help you remember.
Spell out a word with your PIN. Use a site like Phone Spell to find out what words your PIN spells on a phone or ATM keypad. Alternatively, if you're still trying to come up with a PIN, type in a word that's easy for you to remember, and the site will give you a PIN from the numbers each letter corresponds to on a numpad.
Make a sentence from your PIN. Mind Your Decisions suggests you pick a random series of numbers, and then take the first letters of each word for each number, and then build a mnemonic around those letters. For example, if my PIN is 5642, the words are "Five, Six, Four, Two." I take the FSFT first letters, and come up with a sentence to help me remember, like "First Standing, First Toppled" to lead me back to the PIN. That way any random series of numbers is suddenly easy to remmeber."Encrypt" your PIN in your phone, or on paper. Most banks will tell you never to write your PIN down, and especially not to keep your PIN somewhere it could be lost with your ATM or credit card. Mind Your Decisions also notes that you can "encrypt" your PIN by injecting useless numbers and then writing it down. For example, if my PIN is 5642, I could jot down 05060402 on an index card and keep it in my wallet. That's easy to guess, so to make it more difficult, I could use the numbers next to the ones in my PIN, like 56674523, or another four digits, where only I know that every other digit is meaningless. Take it a step further and add your PIN as a contact in your mobile phone, complete with this "encryption," and you'll never forget your PIN again. It's not bulletproof, but if you're the type who needs to write down your PIN anyway, it's better than no obscurity.Pick a number that means something to you but nothing to anyone else. If you have a private, personal series of numbers that you can remember and cannot be easily tied to some other readily available information about you then go for it. You're still stuck with four digits, so if they're four digits you'll remember but no one will guess, you're all set. If it's something like your dog's birthday, the last four digits of your best friend's call phone number, or any other series of digits highly unlikely to be in your wallet and equally unlikely information to be easily available to a thief, it's fair game.Use math to conceal your PIN. Another, more advanced suggestion is to use Modular Arithmetic to secure your PIN. Here's how it works: you know how difficult it is to fool yourself into getting up earlier because you set your clock back 5 minutes? You'll always look at the clock and know to subtract 5 minutes to get the real time, right? The same principle applies to your PIN. Take a random PIN, like 5642, and then add 5 (mod 10) to each digit: 101197. Then, drop the excess numbers, and your result is 0197. (Thanks for the correction, area_educator!) It's a simple code, but it works, and the key is in your head.Get the bank to reset your PIN. If doesn't preclude any of the tips above, but one way to make sure your PIN is a random series of digits is to make the bank reset it, mail you the new PIN, and then force yourself to use whatever they assign you. You can use the mnemonic trick to make it easier to remember, or you can just brute force the number into memory and call it a day. Painful, but it works.In the end, the method you use to remember your PIN is best decided by how likely you are to embrace the technique and eventually remember the numbers without having to write them down or fall back on something that's easily guessed or otherwise obtained. Regardless of what you choose, if your PIN is "1111" or "1234" or even some variation on the theme, pick a new PIN, for your bank account's sake.
How do you remember your ATM PIN? Do you use a technique like the ones above, or just pick a special number that only you know? Do you give out your PIN to family members or friends? Share your thoughts—and security suggestions—in the comments below.
Title image by redspotted.
Related Stories
No comments:
Post a Comment