Should PINs be seen as weak?
I have a few reward programs and one of them has a common-type 4-number PIN. Just like my credit card. Should these should be visible in the Weak Passwords smart folder? I'm not so sure, for once I can't use anything else than numbers if I were to change them, and even then it would by all accounts be limited to four numbers still. It also requires physical access to the card itself.
Comments
-
Hi @Niklas,
Thanks for the question! Our developers are looking for a way to exclude items like PIN codes from the 'Weak Passwords' section of the Security Audit. Obviously, a 4-digit number has limited security and is not as strong as a 20 character randomly generated password, but if you are constrained to this structure, there is limited usefulness to see them in the 'Weak Passwords' section. :)
0 -
Exactly my thoughts.
Thanks for your response and that you are considering this.
0 -
Just wanted to post the same thing. Good that someone else noted that too ;)
0 -
Considering how long 1Password has been in existence, it's rather worrying that you're still only just thinking about this obvious difference between a PIN and a Password.
I've just discovered that there is a PIN field in a Credit Card record and it's not type Text or even Password really as there is NO password generator icon next to it when editing. So this actually appears to be a (much required) third field type. Unfortunately...
You cannot create fields of this type. You can only choose text or password and then have the interfering generator problem.
If you delete this field, you can't get it back. So you now have a Credit Card record with NO field of type PIN and you're stuck with password type and the problems that entails.
It's disappointing to return to 1Password and find stuff like this is still so bad. As I said, disappointing.
0 -
Thanks for the feedback!
0
