Feature request: PIN code generator (that does not generate blacklisted PIN codes)
While generally unsafe one sometimes still has to use a PIN code (often of 4 or 6 digits).
Can you please implement a PIN code generator that generates PIN codes that are not on Apple's iOS Passcode blacklist (or published data-driven blacklists, likes those based on PINs released by Daniel Amitay in 2011)?
Blacklists are available here: https://this-pin-can-be-easily-guessed.github.io/#datasets
(Or does this make PIN codes even less secure, since you are reducing entropy if you don't allow all combinations?)
Additionally you might consider adding this to Watchtower?
Comments
-
@XIII - the reason PIN codes are considered generally unsafe is the ease with which they can be cracked by nearly any modern computer, even a fairly weak one in terms of ultimate processing power (no GPU-enhancement, etc). A four-digit PIN code means numerals only, and a maximum of 10,000 possibilities, 0-9. That is trivial to "pick" for even the phone sitting in your pocket; in other words, ALL PIN codes are "easily guessed." Some may be a bit more obvious than others, but none are sufficiently robust to consider as good security.
If you must use them -- and I agree, sometimes sites or services leave you no choice -- you can set 1Password 7 for Mac's generator to "PIN code," like this:
Hope that helps. :)
0 -
I did not even know there was a PIN code generator...
Would (still) be nice if that could support the mentioned blacklists.
0 -
Considering the level of security offered by any 4-digit or 6-digit PIN I struggle to justify in my own mind building a system that only blacklists specific ones. I suspect the value that would provide would be outweighed by the development effort to implement it, but I'll mention it to the team and see what they think. :)
Ben
0 -
I think you’re right...
0 -
:+1:
0
