Ten Top Tips for PIN Security

In our first blog on PINs we looked at the most common combinations and why choosing a good PIN is in your own interest. We now turn our attention to choosing the right PINs and keeping them safe.

It should be obvious that the most commonly used PIN patterns should be avoided (as should the least common ones now they have been published!) The more random the PIN pattern the better it will be. This is all well and good but you still have to remember it.

Here are our best tips for good PIN security:

Top Tip 1 – Don’t write your PIN down and leave it in the same place as the item it is protecting. For example, don’t try and ‘disguise’ your credit card PIN somewhere in your wallet which is where the card is located. The bad guys have seen most of these tricks before and know what to look for. A better idea would be to put a random 4 digit number in your wallet – they may use up one of their free guesses (sneaky eh?)

Top Tip 2 — Keep a list of your PINs at home in a safe place. Start a password/PIN book and record all your PINs and passwords. To be doubly safe, don’t write the PIN down in full, give yourself a hint. For example, you may decide to change your PIN to the last 4 digits of an old telephone number. Instead of writing the PIN down, just write “old tel number” For tips on storing passwords see our recent blog. See: How to create strong, memorable passwords that are difficult to crack .

Top Tip 3 – Chose a good PIN (random to anyone else but you) and stick with it. Unlike passwords, it is not generally considered necessary to keep changing PINs as any compromise is likely to be more immediately noticeable.

Top Tip 4 – Don’t use the same PIN for multiple devices. It is like the old proverb of not putting all your eggs in one basket – you don’t want everything compromised should one PIN become known.

Top Tip 5 – Be careful when entering PIN numbers. The most common way a PIN is compromised is through bad guys watching PIN entries. This could be at a bar, ATM or in a shop. Make sure you cover up the key pad so that no one can see what PIN you enter and be aware of your surroundings and who may be watching.

Once the bad guys are confident they know your PIN you will quickly become the target – avoid this at all costs.

Top Tip 6 – Never divulge your debit/credit card PIN to anyone. The banks will never ask for your PIN over the phone.

Top Tip 7 – Don’t use birthdays or memorable dates for a PIN. When the bad guys are looking for information about you, they target dates of birth, wedding, anniversaries etc because they know they are memorable to you and therefore likely to be used as a PIN. This increases their chance of success in the PIN guessing game.

Top Tip 8 – Don’t use any number sequence that is printed on a debit/credit card to formulate the PIN for that card. Things like one of the 4 digit groups as the PIN may appear attractive but is best avoided.

Top Tip 9 – Be aware of keypads where the same PIN is exclusively entered – the pad may become worn or show some indication of what the 4 numbers that make up the PIN. Smudge marks on a smart phone to unlock it and finger prints on a house alarm are just two examples.

Top Tip 10 — If you think your PIN may have been compromised, change it as soon as you can. Don’t wait until you know for definite – do it now!

Article by Paddy Keating ,Director/Government Service Manager at Ascentor.

Other articles you might like:


You may also be interested in:

Building business resilience

Building business resilience - through Information Security, Business Continuity and Disaster Recovery

How strong is your business resilience to threats to IT, information and physical security? And how can security standards like ISO 27001 and ISO 22301 help?

Ascentor's cyber security review 2020

Ascentor’s cyber security review of 2020

It was the year a different kind of virus dominated. But that didn’t stop cyber criminals exploiting it. We look back at 2020.

Cyber security myths of SMEs

Cyber security myths putting SMEs at risk

SMEs have long been a favourite hunting ground for cyber criminals and, in the worst case scenario, may not survive. We look at some of the myths that put SMEs at risk of cyber crime.