Measuring Human-Chosen PINs: Characteristics, Distribution and Security

Authors

  • Ding Wang
  • Ping Wang
Abstract

Personal Identification Numbers (PINs) are ubiquitously used in computer systems where user input interfaces are constrained, such as ATMs, POS terminals, electronic doors and mobile devices. Yet, so far little attention has been paid to this important kind of authentication credential, especially to 6-digit PINs, which dominate in Asian countries and are gaining popularity worldwide. Unsurprisingly, many fundamental questions (e.g., what’s the distribution that human-chosen PINs follow?) remain as intact as about fifty years ago when they first arose. In this work, we conduct a systematic investigation into the characteristics, distribution and security of both 4-digit PINs and 6-digit PINs by using a corpus of 9.74 million 4-digit and 8.64 million 6-digit secret sequences extracted from real-life passwords of two groups of users (i.e., Chinese users and English users), and perform a comprehensive comparison of the PIN characteristics and security among users with distinctive language and cultural backgrounds. Our results show that there are great differences in PIN choices between these two groups of users, that a small number of popular patterns prevail in both groups, and, surprisingly, that over 50% of every PIN dataset can be accounted for by just the top 5%∼8% most popular PINs. What’s most staggering is the observation that, when online guessing is the primary concern, longer PINs essentially mean less security: human-chosen 4-digit PINs can offer about 5.3 bits of security against online guessing and 8.4 bits of security against offline guessing, and this figure for 6-digit PINs is 5.2 bits and 13.2 bits, respectively. Most interestingly, by conducting linear regressions on the collected corpus, we unveil that Zipf’s law perfectly exists in human-chosen PINs. Despite distant space and distinct language and cultural backgrounds, both groups of users, unbelievably, follow nearly the same distribution function. We also investigate some foundational implications of our observations for PIN creation policies, strength measurements, migration strategies, etc.

Keywords: Authentication, Personal Identification Number, Zipf’s law, Statistics, Markov-Chain-based Cracking.

Similar resources

The security of customer-chosen banking PINs

We provide the first published estimates of the difficulty of guessing a human-chosen 4-digit PIN. We begin with two large sets of 4-digit sequences chosen outside banking for online passwords and smartphone unlock-codes. We use a regression model to identify a small number of dominant factors influencing user choice. Using this model and a survey of over 1,100 banking customers, we estimate th...

Memory-only selection of dictionary PINs

We estimate the security of dictionary-based PINs (Personal Identification Numbers) that a user selects from his/her memory without any additional aids. The estimates take into account the distribution of words in source language. We use established security metrics, such as entropy, guesswork, marginal guesswork and marginal success rate. The metrics are evaluated for various scenarios – aimed...

How to choose a PIN - assessment of dictionary methods

Personal Identification Numbers (PINs) are commonly used as an authentication mechanism. An important security requirement is that PINs should be hard to guess for an attacker. On the other hand, remembering several random PINs can be difficult task for an individual. We evaluate several dictionary-based methods of choosing a PIN. We experimentally show that these methods are far from ideal wit...

Identification of Human Factors Affecting the Equitable Distribution of Health and Medical Facilities in the Social Security Organization

Background: All people in the community must have fair access to health facilities. Failure to supply and distribute specialized human resources is one of the main causes of inequality in health services. This study aimed to identify the human factors affecting the equitable distribution of health and medical facilities in the Social Security Organization. Methods: This study was conducted as ...

Factors Affecting Planned Human Resource Development in the Iranian Social Security Organization’s Hospitals

Planned Human Resource Development is critical to educating a skilled and efficient workforce. The present study aimed at identifying the main factors of planned human resource development in Iranian Social Security Organization Hospitals. The study is done through analysis of a questionnaire designed after identification of the main variables. Iran Social Security Organisation hospitals (the m...

Publication date: 2015