Not strictly crypto, but a key issue
Owen Blacker
owen.blacker at wheel.co.uk
Fri, 30 Mar 2001 12:16:12 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> > this is now a VISA standard security measure.
>
> Not at HSBC.
>
> There you choose a **10 digit** PIN. And from anecdotal evidence,
> I believe they check to make sure your date of birth isn't 6/8
> digits of it.
But who can remember (easily, without writing it down, without be a
genius :o) a 10-digit number that isn't composed of dates of some
description?
I'd bet quantities of money that if they require it not to be the
user's DoB then it'll contain their partner's DoB / child's DoB /
marriage date (etc)...
> When you use internet, you have to supply the whole thing.
>
> At all other times, they randomly select two digit positions from
> the PIN and you have to supply the corresponding values. I'd
> prefer three,
> but what the hey.
So, not only forcing many users to write it down, they're gonna force
some of the ones who do commit it to memory to write it down each
time they're asked of it.
> It's still safer than digits that are actually *printed*
> where everyone
> you use your card with can see them.
By far, don't get me wrong. But Usability can make many of the
Security restrictions be countermanded. Cf password and PostIt
notes... :o/
IMHO, of course. :o)
O x
- -----
Owen Blacker
Senior Software Developer / InfoSec Consultant Wheel: Clerkenwell
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig 0x00036874 | d39f b776 fa20 c125 b0e2 aa6d 555e 4126 0003 6874
- -----
Opinions are mine. My employer and their clients can get their own!
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
Comment: Due to RIP, pls check for revocation before using this key!
iQA/AwUBOsRq1VVeQSYAA2h0EQLr0gCgnZ1JQldhKxHIozBMhzdIjq29YwwAoNND
pdXLBWL7TO6nkFaEBq92tueW
=+uC9
-----END PGP SIGNATURE-----
_____________________________________________________________________
This message has been checked for all known viruses by UUNET delivered
through the MessageLabs Virus Control Centre. For further information visit
http://www.uk.uu.net/products/security/virus/