The most significant advance in the use of PINs in over 30 years...
Pete Chown
Pete.Chown at skygate.co.uk
15 Mar 2002 11:00:05 +0000
Kevin Townsend wrote:
> Today, Swivel Technologies announced "the most significant advance in the
> use of personal identification numbers in over three decades".
>
> http://list.pentoneurope.com/cgi-bin3/flo?y=hK610DrPm80CM70riI0Ah

Of course the press release doesn't say how it works, so I had a look at
the explanation in your article.

I've just been thinking about it, and I've realised that what they are
doing is making the PIN shorter. On the face of it, it looks as though
they are not shortening the PIN but in fact they are. The ten digits
they give you must not all be different, because otherwise the PIN is
leaked to people watching, the same as now. But if some digits are the
same then some different PINs will result in the same input into the
machine.

They could achieve a similar effect by asking for (for example) digits
1, 3 and 4 of the PIN only. That said, the way they do it, the missing
information can be controlled more precisely. With my scheme the bank
would only have four items of information that it can opt not to
receive. With their scheme they have more choices, reducing the chance
that a thief can get into the system simply by coincidence -- the bank
happens to ask him for the same information that he has already seen.

They have some interesting statistics to do, I think, to come up with an
optimal number of duplicate digits.

--
Pete
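
The trade-off described in the message above, worked through as an added example (not part of the original post, and not Swivel's code). It assumes a 4-digit PIN, that each PIN digit selects a position in the ten-digit string (1 = first, 0 = tenth) and that the user types the digit found there; the function names and challenge strings are constructed for illustration.

```python
from collections import Counter

PIN_LEN = 4  # assumption: 4-digit PIN


def response(pin: str, challenge: str) -> str:
    """Digits the user types. PIN digit d selects position d of the
    challenge (1 = first, 0 = tenth); this mapping is an assumption."""
    return "".join(challenge[(int(d) - 1) % 10] for d in pin)


def consistent_pins(challenge: str, observed: str) -> int:
    """Number of PINs that give `observed` for this challenge, i.e. what
    someone who saw both the string and the keypresses cannot tell apart."""
    counts = Counter(challenge)
    total = 1
    for digit in observed:
        total *= counts[digit]
    return total


def mean_ambiguity(challenge: str) -> float:
    """Average of consistent_pins() over all PINs, assuming uniform PINs.
    Per position this is sum(c^2)/10 over the digit counts c."""
    per_position = sum(c * c for c in Counter(challenge).values()) / 10
    return per_position ** PIN_LEN


def best_blind_guess(challenge: str) -> float:
    """Chance of acceptance for someone with no knowledge of the PIN who
    types the challenge's most common digit in every position."""
    return (max(Counter(challenge).values()) / 10) ** PIN_LEN


if __name__ == "__main__":
    # Constructed challenges: no duplicates, some, pairs, all identical.
    for ch in ("0123456789", "1112345678", "1122334455", "7777777777"):
        print(f"{ch}  PINs hidden behind one observation: "
              f"{mean_ambiguity(ch):9.2f}   "
              f"blind-guess acceptance: {best_blind_guess(ch):.4f}")
```

With all ten digits different an observer is left with exactly one candidate PIN; with all ten the same the observer learns nothing, but any input is accepted. The duplicate count the post asks about sits between those two ends.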