PIN is Easy to Manage — Really?
What we are told by security experts — “PIN is easier to remember and recall than alphanumeric passwords because the former is generally shorter and contains less information than the latter”.
What most of us have experienced ourselves — “PIN is not easier to remember and recall than alphanumeric passwords. Moreover, the former is easier to confuse because it contains less information, despite the teaching by security experts.”
For instance, what would happen if we tried to displace some old PINs with new ones? — The new ones and the old ones, still not dead in our memory, would start to compete in our brain. This is due to the phenomenon called ‘Interference of Memory’ (*1).
Another confusing factor — We assume that PIN, the name of which was also confusing (*2), came up when security people took it for granted that they did not need to take psychology or cognitive science into consideration.
Confusion about PIN might even have driven certain security people to allege that PIN, which is a weaker form of numbers-only passwords, does not belong to the category of passwords. What we are now witnessing are grotesque ‘PIN-dependent passwordless’ authentication schemes (*3).
*1 Interference in Psychology https://www.verywellmind.com/interference-definition-4587808
*2 The full name of PIN is ‘Personal Identification Number’, very misleading in view of the fact that it is actually used for ‘Identity Authentication’, not ‘Personal Identification’ in this world.
*3 “The Tremendous Power of PIN” https://www.linkedin.com/posts/hitoshikokumai_removal-of-passwords-and-its-security-effect-activity-6774506583117443072-JfTJ
and “Want to Dive into Suicidal Disaster?” (15Oct2023) https://www.linkedin.com/posts/hitoshikokumai_what-are-passkeys-google-announces-the-end-activity-7119239282887704577-89s9
As such, adding PIN as a security factor could help in theory, but in practice the burden on the user could be unjustifiably heavy. Users attempt to escape the burden by writing their PINs on a memo and carrying it around together with the cards and devices that accept anyone who holds the memo.
In view of the ubiquitous and still increasing presence of PIN, however, we need to do something to make it human-friendly. Our proposition is to get it managed by the Expanded Password System, which enables citizens to make use of their non-volatile episodic image memory.