Ten Top Tips for PIN Security

In our first blog on PINs we looked at the most common combinations and why choosing a good PIN is in your own interest. We now turn our attention to choosing the right PINs and keeping them safe.

It should be obvious that the most commonly used PIN patterns should be avoided (as should the least common ones, now they have been published!). The more random the PIN pattern, the better it will be. This is all well and good, but you still have to remember it.

Here are our best tips for good PIN security:

Top Tip 1 – Don’t write your PIN down and leave it in the same place as the item it is protecting. For example, don’t try to ‘disguise’ your credit card PIN somewhere in your wallet, which is where the card is located. The bad guys have seen most of these tricks before and know what to look for. A better idea would be to put a random 4-digit number in your wallet – they may use up one of their free guesses (sneaky, eh?).

Top Tip 2 – Keep a list of your PINs at home in a safe place. Start a password/PIN book and record all your PINs and passwords. To be doubly safe, don’t write the PIN down in full; give yourself a hint. For example, you may decide to change your PIN to the last 4 digits of an old telephone number. Instead of writing the PIN down, just write “old tel number”. For tips on storing passwords see our recent blog: How to create strong, memorable passwords that are difficult to crack.

Top Tip 3 – Choose a good PIN (random to anyone else but you) and stick with it. Unlike passwords, it is not generally considered necessary to keep changing PINs, as any compromise is likely to be more immediately noticeable.

Top Tip 4 – Don’t use the same PIN for multiple devices. It is like the old proverb of not putting all your eggs in one basket – you don’t want everything compromised should one PIN become known.

Top Tip 5 – Be careful when entering PINs. The most common way a PIN is compromised is through bad guys watching PIN entries. This could be at a bar, ATM or in a shop. Make sure you cover up the keypad so that no one can see what PIN you enter, and be aware of your surroundings and who may be watching.

Once the bad guys are confident they know your PIN you will quickly become the target – avoid this at all costs.

Top Tip 6 – Never divulge your debit/credit card PIN to anyone. The banks will never ask for your PIN over the phone.

Top Tip 7 – Don’t use birthdays or memorable dates for a PIN. When the bad guys are looking for information about you, they target dates of birth, weddings, anniversaries, etc. because they know they are memorable to you and therefore likely to be used as a PIN. This increases their chance of success in the PIN guessing game.

Top Tip 8 – Don’t use any number sequence that is printed on a debit/credit card to formulate the PIN for that card. Using one of the 4-digit groups as the PIN may appear attractive but is best avoided.

Top Tip 9 – Be aware of keypads where the same PIN is exclusively entered – the pad may become worn or show some indication of the 4 numbers that make up the PIN. Smudge marks on a smartphone from unlocking it and fingerprints on a house alarm are just two examples.

Top Tip 10 – If you think your PIN may have been compromised, change it as soon as you can. Don’t wait until you know for definite – do it now!

Article by Paddy Keating, Director/Government Service Manager at Ascentor.