Updated on June 15th, 2023.
If you own a mobile device, you probably use a PIN to unlock the device instead of a password. But what exactly is a PIN and how does it differ from a password?
The main differences between a PIN and a password are that there is more flexibility when creating passwords, and PINs are often tied to the devices they are used on, whereas passwords are not.
Read on to learn more about PINs and passwords, and what makes them different.
What’s a PIN?
PIN stands for Personal Identification Number. PINs function similarly to passwords in that they are used to verify that a user is permitted access to accounts, devices and data. A PIN usually consists of four to eight numbers, although variations may include letters. However, a four-digit PIN is the most used and is considered the standard for most applications because the man who invented the ATM in the 1960s claimed that his wife couldn’t remember more than four numbers.
The use of PINs has grown with the popularity of mobile devices. Entering long passwords is a pain with a touchscreen, so a PIN presents a quicker, more user-friendly experience. There are many ways to implement PINs, but the most common is to link them to a specific physical asset, such as a computer, credit card, phone or mobile application. Most of us had our first encounter with PINs when we first used an ATM card. In that case, the card and PIN together are a form of Two-Factor Authentication (2FA). The physical card is the first factor and the PIN provides an additional level of verification demonstrating that the cardholder is authorized to use it.
What’s a Password?
A password is a string of characters that can include upper and lowercase letters, numbers and symbols. Passwords provide more freedom to create unique combinations of characters and make them as long as you want them to be. However, because of the length and complexity needed for a password to be strong, strong passwords are harder for users to remember on their own. This often leads to people using the same passwords or variations of the same password across multiple accounts. The less random, unique and long the password is, the easier it is for a cybercriminal to crack it.
PIN vs Password: Which is More Secure?
Most people would assume a password is more secure than a PIN because of the length and complexity. However, applications that allow the use of PINs are considered harder for cybercriminals to crack. A PIN that is four numbers long has only 10,000 possible combinations, which you’d think would be easy for a password cracker to defeat, but it’s not.
For one thing, PINs almost always require manual data entry. Using a keyboard to attempt a brute force attack, in which a cybercriminal uses trial and error to guess a password, would quickly frustrate bad actors. Most systems that use PINs also specify a maximum number of access attempts before shutting down. For example, Apple’s iPhone gives you just six chances to enter a six-digit PIN. After that, the phone is disabled. If you have the “Erase Data” setting enabled on your iPhone, after 10 failed passcode attempts, all of your phone’s data is erased. On Windows, you can choose how many incorrect attempts are allowed. If the number of failed attempts exceeds the lockout threshold value you set, the account will be automatically locked.
Let’s say you set your failed login attempts to four. Given four attempts to authenticate against the possibility of 10,000 codes, the intruder has only a 0.04% chance of success. That’s why some people say PIN security is actually better than password security. However, this all depends on how you set your lockout threshold.
Just because one is potentially more secure than the other doesn’t mean you can or should eliminate passwords altogether. What you should do is make both your PINs and passwords as secure as possible.
How To Secure Your PINs and Passwords
Here are a few tips to make your PINs and passwords secure.
Securing your PINs
It’s important to understand that although PINs are considered to be more secure than passwords, they demand the same level of care as passwords. Unfortunately, many people simply choose the first numbers that come to mind. Research conducted by the SANS Institute found the PINs “1234,” “1111” and “0000,” along with 17 similar combinations, accounted for nearly 26% of all the four-digit PINs they analyzed.
When creating a PIN, avoid using easily guessed or researched PIN combinations, such as the last four digits of your Social Security number, your phone number, or the day and month in which you were born. If you want to use a number that’s easy to remember, try an old phone number that can no longer be traced to you.
If the online services that you use offer the option of a PIN to complement your username and password, we recommend you use it.
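The 0.04% figure above holds only when PINs are chosen evenly across all 10,000 codes, which the SANS finding contradicts. The Python sketch below is an added example, not part of the original article: it compares the two cases for a given lockout threshold and rejects the kinds of PINs the advice above warns against. `guess_chance` and `weak_pin_reasons` are hypothetical names, the sample birthday and phone number are constructed, and the even split of the roughly 26% share across 20 popular PINs is an assumption.

```python
from datetime import date
from fractions import Fraction

PAGE_NAMED = {"1234", "1111", "0000"}  # the three PINs the article names

def guess_chance(attempts, digits=4, top_count=0, top_share=Fraction(0)):
    """Chance a PIN falls within `attempts` guesses before lockout.

    Assumed model: `top_count` popular PINs hold `top_share` of all users,
    split evenly, and are guessed first; every other PIN is equally likely.
    """
    space = 10 ** digits
    popular = min(attempts, top_count)
    chance = top_share * popular / top_count if top_count else Fraction(0)
    rest = min(attempts - popular, space - top_count)
    return chance + (1 - top_share) * Fraction(rest, space - top_count)

def weak_pin_reasons(pin, birthday=None, phone="", ssn=""):
    """Return why `pin` is easy to guess or research; empty list means accepted."""
    if not (pin.isdigit() and 4 <= len(pin) <= 8):
        return ["must be 4 to 8 digits"]
    reasons = []
    # Digit-to-digit steps modulo 10: {0} is one repeated digit, {1}/{9} a run.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if pin in PAGE_NAMED or steps in ({0}, {1}, {9}):
        reasons.append("repeated digit or counting run")
    half = len(pin) // 2
    if len(pin) % 2 == 0 and pin[:half] == pin[half:] and steps != {0}:
        reasons.append("repeated block")
    if birthday:
        d, m = f"{birthday.day:02d}", f"{birthday.month:02d}"
        if pin in {d + m, m + d, str(birthday.year)}:
            reasons.append("matches birthday")
    for label, value in (("phone number", phone), ("Social Security number", ssn)):
        only_digits = "".join(ch for ch in value if ch.isdigit())
        if only_digits and only_digits.endswith(pin):
            reasons.append(f"matches end of {label}")
    return reasons

if __name__ == "__main__":
    # Lockout threshold of four, as in the article's example.
    print("uniform PINs:", float(guess_chance(4)))
    print("popular PINs allowed:",
          float(guess_chance(4, top_count=20, top_share=Fraction(26, 100))))
    # Constructed sample data, not from the article.
    for pin in ("1111", "0425", "4567", "7391"):
        print(pin, weak_pin_reasons(pin, date(1990, 4, 25), "555-010-4567"))
```

Under these assumptions, the same four-attempt threshold gives a 5.2% chance of success when popular PINs are allowed, against 0.04% when every code is equally likely.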
Securing your passwords
When creating passwords, it’s best to rely on a password generator to generate your passwords for you. For a password to be secure, it should:
- Be at least 16 characters long
- Include numbers
- Include uppercase and lowercase letters
- Include symbols
- Not include personal information
- Not include common dictionary words
You most likely have several accounts you need to secure with strong passwords, meaning it’ll be impossible for you to remember them all yourself. We recommend using a password manager to remember all your passwords for you. A password manager is a tool that helps you generate, manage and securely store all your passwords and sensitive information. The only password you’ll have to remember is your master password, which is the password you’ll need to access your vault.
Both PINs and Passwords Are Vital for Cybersecurity
PINs and passwords are both used as ways to verify that a person accessing an account or device is the actual owner of it. They’re both important for keeping your accounts secure, but it’s up to you to use them correctly to have the best protection, which means making them as secure as they can be. Because making them secure means not using any personal information, remembering them all on your own will be impossible. However, you can use a password manager to help you store your PINs and passwords while keeping them secure.
Start a free 30-day trial of Keeper Password Manager to see how a password manager aids you in securely storing your PINs, passwords and more.