Article ID: 454768
Journal: Computers & Security
Published Year: 2013
Pages: 10 Pages
File Type: PDF
Abstract

• We assess various dictionary-based methods of selecting PINs.
• The experiments show that most of the direct methods yield suboptimal results.
• We discuss two methods for constructing easy-to-remember PIN words.

Personal Identification Numbers (PINs) are commonly used as an authentication mechanism. An important security requirement is that PINs should be hard to guess. On the other hand, remembering several random PINs can be a difficult task for a user. We evaluate several dictionary-based methods of choosing a PIN. To assess their resistance to guessing attacks, we use the following metrics: entropy, covering of the PIN space, guesswork, marginal guesswork, and marginal success rate. With respect to these metrics, most of the evaluated methods are far from ideal. Positive results are obtained with a more involved morphing method and with the reduced-dictionary technique. We also discuss two methods for constructing easy-to-remember PIN words for randomly chosen PINs.

Graphical abstract: The assessment of various natural dictionary-based methods for PIN selection shows that it is difficult to come close to ideal entropy and covering of the PIN space.
