“THE 4 DIGIT PIN: Why are ATM passwords (PINs) mostly 4 digits?”

THE BACKSTORY
The #ATM made its debut at #Barclays’ Enfield Town branch in north London in June 1967. Its invention is credited to #British inventor John Shepherd-Barron. The story goes that Mr. Shepherd-Barron saw vending machines selling chocolate bars and asked why a similar machine couldn’t be used to dispense cash.
BIRTH OF THE 4 DIGIT PIN
In 1970, just a few years after the introduction of the ATM, the patent was granted for British engineer James Goodfellow’s concept of a personal identification number that could be stored on bank cards. This was a landmark moment in the growth of self-service banking, as it allowed machines to verify the identity of a customer without human intervention.
Scot’s (Inventor of ATM) wife Caroline rejected the idea of the 6-digit PIN as she could only remember 4-digits.
BRUTE FORCING ATM PINs
Brute forcing is an attempt to determine a password by systematically trying every possible combination of numbers, alphabetic numerals and symbols until the correct combination is arrived at.
Brute forcing in the case of ATM PINs would mean that a hacker would try combinations like 0000, 0001, 0002, 0003 and so on. They could also try the most commonly used PINs first, like 1234, 4321, 2222, 9999, etc. until they arrive at the right combination (10,000 possible tries) and withdraw your hard-earned money.
ARE ATM PINs SAFE AGAINST BRUTE FORCING?
Fortunately for users of ATM cards, #banks establish a limit as to how many times one can enter an incorrect PIN while using your card. Most will allow you to enter your PIN, 3 times in a row before your card is blocked (at least for that day).
CREATING A PIN
-One way to create and remember a PIN is to create it from a word.
For example, the word “word” converts to the PIN 9673 (the W is on the 9, the O is on the 6, and so on)
-Another way to create and remember a good PIN is to build it from significant dates. For example, if your birthday is November 15th, 1946, you can create a PIN derived from your birthday. You might use 1115 (for the eleventh month and fifteenth day). You might also try 1546.
-Another way to randomize your PIN is to add numbers to a number that you know well. For example, you might add one to each number of the base PIN. If you start with “1234,” you add one to each position and end up with “2345.” Of course.
PIN SECURITY TIPS
Avoid including the following items in your PIN:
-Simple number sequences like 1234 or 0000 (including repetition: 1122 or 2233)
-Significant dates, such as your birth year or spouse’s birthday.
-Any part of your address or phone number.
FACTS TO NOTE
-Financial PINs are often 4-digit numbers, with #Switzerland being a notable exception with 6-digit PINs being given by default. Most ATM and POS software does not support PINs longer than 6digits, and many input devices can only accept four-digit PINs.
- 4-digit PIN allows 10,000 possible combinations — and you normally only get three chances to enter the correct #PIN, before the machine ‘swallows’ the card.
- 6-digits offers a million (1,000,000) permutations, but it’s more likely to either be entered wrongly or forgotten.
-Several banks in Europe use 6 digit PINS.
- In security, you have to strike a balance between convenience and security. Most #software or #systems fail when they can’t find the balance. Imagine if your #facebook account logs you out every 10 mins, or #WhatsApp requires you to verify your phone number every 24 hours, inconvenient right? Secure too?
Cited Sources:
https://www.ncr.com/company/blogs/financial/history-atm-innovation
https://www.quora.com/Why-do-ATM-passwords-PINs-mostly-have-4-digits-customer-care-number-62-81-82-56-08
https://www.scienceabc.com/eyeopeners/why-are-atm-card-pins-usually-just-4-digit-long.html