Using birth dates or addresses in PIN codes

Funny, I immediately thought of sex when I read that sentence, but that kind of dogging was not what I was thinking.

Bad old joke:

Q: Why do Canadians prefer their sex doggie-style?
A: That way they can both watch the hockey game on TV.

:wink:

Doh!!

Damn, I blame autocorrect.
Random employee: “My name’s Myron, not moron. Don’t use the first word autocorrect gives you!”
Pointy-Haired Boss: “What’s autocorrect?”

This is the factor people worried about security keep ignoring. I think the last time anyone in my immediate family lost a wallet to theft was my dad back in the 80s, before we even had ATMs. But I’ve forgotten a PIN at least once, and my mother forgets them all the time now. The biggest security concern I have is my money being so secure even I can’t access it.

More places forcing 2FA only by cellphone is making this worse. If I’m abroad and switch to a local SIM, there is no way to receive texts. Or I may lose my phone, of course.

What I also hate is overzealous IT people imposing ridiculous levels of security for things that don’t matter. No, I do not want that level of complexity on my password or to be forced to reset it twice a year when the worst that a hacker could do is cancel my magazine subscription.

In 2019 dad and I went to Disney World. We stayed at the All-Stars Music and got Magic Bands. When you were picking your PIN, the instructions told you that you could only have 2 of the same number consecutively and you could not choose a sequence of numbers of more than two. So, 2274 was okay but not 2222. 3491 was okay, but not 1234.

Two quick stories:

  1. Staying with a friend, so she shows me how the house alarm works. After giving me the four digit code, I ask “whose birthday is that?” She happily said that it was her birthday.
  2. Stuck behind an old woman at an ATM. She didn’t know how to use the ATM, so she asked me for help. I helped walk her through it, and it asked her to re-enter her PIN. I watched her enter 1234. My head nearly exploded.

That’s amazing. I’ve got the same combination on my luggage.

My PIN includes a very old address from my youth, but also an extra number or two that changes. PINs don’t have to be four digits.

This. When I switched phones recently and had to reauth to a bunch of apps, it was amazing how much they varied. And the most difficult one was Dunkin. FFS, how many donuts are the black hats gonna steal?!

The “use a birth date” is so common as to be a trope in fiction, so yeah, avoid it. OTOH, from a security standpoint, if I know that you cannot use your birthday, that actually weakens the entire scheme, so forbidding it is also bad. If my birthday was 02012003, it’s not impossible that I’d get that as a random PIN generated by a token, too, which would be irritating.
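Two posts above make claims that can be checked by counting: the Magic Band rule (at most two identical digits in a row, no ascending or descending run longer than two) and the point that forbidding birthday-shaped PINs shrinks the set a guesser has to try. The script below is an added example, not code from anyone in the thread or from Disney. It assumes 4-digit PINs, interprets “a sequence of more than two” as a run of three or more consecutive digits in either direction (so 1234 and 9876 are rejected, 3491 is fine), and adds its own MMDD/DDMM date check to stand in for the birthday rule; all of those are this example’s assumptions.

```python
"""Added example: a 4-digit PIN policy checker plus a count of how much of the
10,000-PIN keyspace each rule removes. The rule interpretation (max run of 2
identical digits, max run of 2 consecutive ascending/descending digits) and the
MMDD/DDMM date check are assumptions made for this example, not thread content.
"""
import math
from itertools import groupby

# 29 for February so leap-day birthdays count as date-like too (assumption).
DAYS_IN_MONTH = (31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31)


def longest_repeat_run(pin: str) -> int:
    """Length of the longest run of identical consecutive digits (2222 -> 4, 2274 -> 2)."""
    return max(len(list(group)) for _, group in groupby(pin))


def longest_step_run(pin: str) -> int:
    """Length of the longest run of consecutive digits stepping by +1 or -1
    (1234 -> 4, 4321 -> 4, 3491 -> 2). Digits are not treated as wrapping 9 -> 0."""
    longest = 1
    for step in (1, -1):
        run = 1
        for a, b in zip(pin, pin[1:]):
            run = run + 1 if int(b) - int(a) == step else 1
            longest = max(longest, run)
    return longest


def looks_like_date(pin: str) -> bool:
    """True if the four digits read as a valid MMDD or DDMM date (the birthday trope)."""
    first, second = int(pin[:2]), int(pin[2:])

    def valid(month: int, day: int) -> bool:
        return 1 <= month <= 12 and 1 <= day <= DAYS_IN_MONTH[month - 1]

    return valid(first, second) or valid(second, first)


def is_allowed(pin: str, max_run: int = 2, max_seq: int = 2, forbid_dates: bool = False) -> bool:
    """Apply the policy: True only if the PIN survives every enabled rule."""
    if len(pin) != 4 or not pin.isdigit():
        return False
    if longest_repeat_run(pin) > max_run or longest_step_run(pin) > max_seq:
        return False
    if forbid_dates and looks_like_date(pin):
        return False
    return True


def allowed_keyspace(**policy) -> int:
    """Number of 4-digit PINs an attacker who knows the policy still has to try."""
    return sum(1 for n in range(10_000) if is_allowed(f"{n:04d}", **policy))


def date_like_count() -> int:
    """How many 4-digit PINs read as a date in either MMDD or DDMM order."""
    return sum(1 for n in range(10_000) if looks_like_date(f"{n:04d}"))


def entropy_bits(size: int) -> float:
    """Equivalent bits of a uniformly chosen PIN from a keyspace of the given size."""
    return math.log2(size)


if __name__ == "__main__":
    for pin in ("2274", "2222", "3491", "1234", "0201"):
        verdict = "allowed" if is_allowed(pin) else "rejected"
        print(f"{pin}: {verdict}{'  (date-like)' if looks_like_date(pin) else ''}")
    policies = (
        ("no rules", dict(max_run=4, max_seq=4)),
        ("Magic Band rules", dict()),
        ("+ forbid date-like", dict(forbid_dates=True)),
    )
    for label, policy in policies:
        size = allowed_keyspace(**policy)
        print(f"{label:20s} {size:5d} PINs  {entropy_bits(size):.2f} bits")
```

The Magic Band rules knock 496 PINs out of 10,000 (190 with a triple-or-longer repeat, 306 with a three-or-longer step run), which barely moves the entropy; the practical effect is that the same 496 PINs are the ones a lazy guesser would try first, so the attacker who knows the policy loses nothing and the honest user loses a few easy choices. Adding a “no date-like PIN” rule removes a further few hundred candidates from the attacker’s search, which is the trade-off the post above is pointing at.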

A phone number is just random digits. As long as you don’t have it with you (e.g., not on your phone), it’s not going to be guessed.

If someone has your ATM card which has “Charles T. Reality” on it and they Google that name, they just might come up with a phone number. Just like they might come up with former addresses you lived at.

As always, the point isn’t to defeat the CIA. The point is to avoid being a fish in a barrel for the laziest of criminals.

My wife just upgraded her phone. The new version of the security app for remote login makes her enter one PIN so she can get the random code to log in remotely (with her password). And it required her phone to have a 6-digit PIN in order to install that app.

If the person knows your username, password, and phone PIN, why would a second PIN stop them?

Meh… if you reconcile your accounts monthly, or even just review your accounts monthly, you should be able to detect fraud in your accounts. Most financial institutions give you 120 days after a fraudulent transaction to bring it to their attention, and it will not be your responsibility. Passwords and PIN codes are just deterrents… they are not and should not be the only course of prevention of your risk.