Insecure security for credit card PIN
I am with the Cashier on a busy Sunday, with a lineup behind me. The card gets declined since the PIN has not been set for some reason the phone with an agent who is helping me reset my credit card PIN.
- It has to be a 4 digit PIN. (10000 numbers)
- Cannot use any repeating number — e.g. 1223. Based on a very quick google search, looks like this would eliminate 2439 numbers (7561 numbers remaining).
- Avoid use of any consecutive number — e.g. 1247. I couldn’t find a result easily, but I’d make an assumption that this would be greater than or equal to the case of repeating number — 2439 (5122 numbers remaining).
- Avoid 0 at the start or end since some countries may not like it. This eliminates 1000 (including 0000–0999) +90 (all four digit numbers ending with 0) (4032 options remaining).
My options are essentially halved, and I now have ~4000 numbers to choose from. I don’t claim accuracy in the above number, however I suspect its actually even less than 4000 options.
The point here is this — by creating these rules is the system more or less secure? If I was a hacker, would it make it easier to crack someone’s code through brute force?