password versus pin in application authentication

Posted by Raymond on May 29, 2006, 8:38 pm
In an application authentication, it is very common to see many
applications use username/password combination for authentication
access. However, some applications use username/pin combination as
well. My question is in what scenarios we should use username/password,
and in what scenarios we should use username/pin when we design the
authentication method? My observation is that pin usually is numeric
only, but password can contain both letters and numbers.

Please advise and discuss.

Thanks,
Raymond


Posted by Imhotep on May 29, 2006, 10:20 pm
Raymond wrote:

> In an application authentication, it is very common to see many
> applications use username/password combination for authentication
> access. However, some applications use username/pin combination as
> well. My question is in what scenarios we should use username/password,
> and in what scenarios we should use username/pin when we design the
> authentication method? My observation is that pin usually is numeric
> only, but password can contain both letters and numbers.
>
> Please advise and discuss.
>
> Thanks,
> Raymond


...it depends on what the pin is. Sometimes a pin is a keyfob etc...in this
case the pin changes every time it is used or changes based on time. These
are very secure...especially if they are not tied to a computer (keyfob)...


Imhotep

Posted by Volker Birk on May 30, 2006, 2:00 am
> In an application authentication, it is very common to see many
> applications use username/password combination for authentication
> access. However, some applications use username/pin combination as
> well. My question is in what scenarios we should use username/password,
> and in what scenarios we should use username/pin when we design the
> authentication method? My observation is that pin usually is numeric
> only, but password can contain both letters and numbers.

PIN and password are the same. Usually, a password is called a PIN if
it's very short (too short to be secure by itself), and another provision
offers security. Usually, a PIN may be tried only a very limited number of
times, and afterwards an authentication system has a fallback to a more secure
password, so the PIN cannot be computed using brute force.

PINs are only for the user's convenience.

Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
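
Added example (not part of the original thread, and not any poster's code): a minimal sketch of the provision described in the post above, where a short PIN is accepted only for a limited number of tries and the system then falls back to the longer password. The class name `Account`, the limit of 3 tries, the result strings and the sample credentials are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_PIN_TRIES = 3  # assumed limit; the post only says "very limited"

def _kdf(secret: str, salt: bytes) -> bytes:
    # Salted, slow hash so neither secret is stored in the clear.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)

class Account:
    """Hypothetical account holding a short PIN and a longer fallback password."""

    def __init__(self, pin: str, password: str):
        self.salt = os.urandom(16)
        self.pin_hash = _kdf(pin, self.salt)
        self.password_hash = _kdf(password, self.salt)
        self.failed_pin_tries = 0

    @property
    def pin_locked(self) -> bool:
        return self.failed_pin_tries >= MAX_PIN_TRIES

    def login_with_pin(self, pin: str) -> str:
        if self.pin_locked:
            return "password_required"  # even the correct PIN is refused now
        # Count the try before comparing, so an aborted check is never a free guess.
        self.failed_pin_tries += 1
        if hmac.compare_digest(_kdf(pin, self.salt), self.pin_hash):
            self.failed_pin_tries = 0
            return "ok"
        return "password_required" if self.pin_locked else "denied"

    def login_with_password(self, password: str) -> str:
        # Throttling of password attempts is omitted here to keep the sketch short.
        if hmac.compare_digest(_kdf(password, self.salt), self.password_hash):
            self.failed_pin_tries = 0  # a successful fallback re-enables the PIN
            return "ok"
        return "denied"

def online_guess_success(pin_digits: int, tries: int) -> float:
    """Chance that `tries` distinct guesses hit a uniformly random numeric PIN."""
    return min(tries, 10 ** pin_digits) / 10 ** pin_digits
```

With a 4-digit PIN and 3 tries, an online guesser succeeds with probability 3/10000 before the PIN is locked, which is why the try counter, not the PIN length, carries the security.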

Posted by Unruh on May 30, 2006, 11:57 am

>In an application authentication, it is very common to see many
>applications use username/password combination for authentication
>access. However, some applications use username/pin combination as
>well. My question is in what scenarios we should use username/password,
>and in what scenarios we should use username/pin when we design the
>authentication method? My observation is that pin usually is numeric
>only, but password can contain both letters and numbers.

A pin (Personal Identification Number) is just a short numeric password.



>Please advise and discuss.

>Thanks,
>Raymond

