Cracking Your PIN Code: Easy as 1-2-3-4


Recommended Posts

on the topic of safety at the ATM am I the only one who looks for a bank that has them inside before using an ATM?

Looks like it. I always check the ATMs outside and inside to see where the line is shorter to get things done quickly. And most of the times, the lines are shorter inside. Sometimes you only have people standing in line at the ATM outside and no one inside, as people are too lazy to get inside the bank to use the ATM there.

Link to comment
Share on other sites

Two tricks they use alongside a skimmer is for a man to stand behind you with a mobile in his hand as you enter the pin and just note it onto the device,hence the introduction in the UK of the [useless] yellow box near the ATM.The other more subtle is the placing of a downward facing camera on the housing above the keypad which films your keystrokes as you make them.

Which is why you should cover your hand as you enter your pin.

Link to comment
Share on other sites

This guy obviously doesn't have a clue how smart cards (bank cards) work then, they're pretty similiar to SIM cards in that you have 3 attempts to input the correct pin, the bank machine transmits the PIN to the card, if it is wrong, it is not the bank machine that logs it but the smart card, after 3 wrong attempts, the smart card refuses to accept any more pin numbers and locks itself out (there is no PUK code for bank cards as there are SIM cards) and so the machine keeps it. Older cards would just refuse to accept any more PIN attempts but keep all the data in the smart card, newer cards destroy all data on the card when 3 attempts have been failed, because you can in theory reset the count or read off the data using a very powerful microscope though you'd have to know exactly where to look.

Depends on the country. In the US ATM cards don't use smart cards and as such don't have this layer of "protection".

I wrapped protection in quotes because the smart card may be duplicated rendering this security moot.

Link to comment
Share on other sites

Only old ATMS eat the cards, the new ones are swipe only. However most block the card after 3 attempts.

You sure about that? My bank just upgraded their machines within the past year and they are not swipe only. The only places I've seen that are swipe only are ATM machines in shopping centers and such. Usually these are 3rd party ATMs.

Link to comment
Share on other sites

You sure about that? My bank just upgraded their machines within the past year and they are not swipe only. The only places I've seen that are swipe only are ATM machines in shopping centers and such. Usually these are 3rd party ATMs.

Read my previous posts! that was my first post.

Link to comment
Share on other sites

Most people if they get their cookies cleared can't remember their passwords to log back into sites. Most people first chance they get use a dictionary word as their password. When ever i'm helping someone set something up I ask them for a password they would want to use. First thing they said a word out of the dictionary. I tell them...uh no ..lets add something to that. People are HORRIBLE at security.

This one highschool kid got his facebook account hacked into. I walked them through resetting his password. I asked him ... "So what was your password"... he said "Football"

Link to comment
Share on other sites

Most of the places I see the "swipe" machines rather than the "swallow" machines are in malls, supermarkets, public places. Meaning where the likelihood of the engineer being available is low. Places you don't want your card swallowed.

Link to comment
Share on other sites

Hah, so weird, swipe cards?

I haven't seen a card being swept for at least 10 years now. Over here in Belgium everything is done with the chip and a PIN. I don't even think transactions with the magnetic strip are still possible, at least not national.

Link to comment
Share on other sites

Although I have always used the same pin, it has absolutely no significance to anything in my life, and would be pretty hard for anyone to guess, even if they knew me. Like everything else it's a simple matter of common sense.

Link to comment
Share on other sites

Berry says a whopping 26.83% of all passwords could be guessed by attempting just 20 combinations of four-digit numbers (see first table). "It's amazing how predictable people are," he says.

Not at all.

What is really amazing is that multi billionaire banking companies use a 4 numerical digits system as security.

Link to comment
Share on other sites

Well, my bank doesn't allow double digits for one. Meaning pins like 0112 or 3699 wouldn't work. I guess it's all a matter of what each bank enforces?

People will just create password using the 4 corners or things like that.

Why not an alphanumerical keyboard and variable length passwords including caps and symbols ? Then even if someone has 123456789 as password you still have to guess how many digits were used. And you have 3 tries to guess it or the account is frozen and the owner of the card has to show in his bank to unfreeze it.

Probably makes just too much sense ... and is probably too much expensive for multi billionaire companies.

Dont blame the users. Blame the security ... or lack of.

Link to comment
Share on other sites

Not at all.

What is really amazing is that multi billionaire banking companies use a 4 numerical digits system as security.

Yes ... my father still has a 4 digit pin with CIBC.

I'm with Desjardins for over 10 years, always had a 5 digit pin.

If you give out 8 digit pin, too many people will forget.

Link to comment
Share on other sites

Yes ... my father still has a 4 digit pin with CIBC.

I'm with Desjardins for over 10 years, always had a 5 digit pin.

If you give out 8 digit pin, too many people will forget.

Problem with more digits on a pin is you need compatibility.

For example in the UK, you'd need ALL banks and building societies to switch to using longer pins which would require new bank machines or at least a firmware upgrade, plus all the database infastructure would need upgrading.

That would cost BILLIONS. As they say, 'if it ain`t broke, don`t fix it'.

Link to comment
Share on other sites

Not really anything to be worried about unless the PIN actually is 1234, 1111, or 0000. You only get a couple tries before the ATM eats the card, so chances are the code won't be cracked in any timely manner.

Not all ATM's consume the card until the transaction is completed. Several models are swipe style.

Link to comment
Share on other sites

Is this USA based only, or are there crazy banks in other countries that don't have a security feature on the ATMs that just "eats" the card if you input the wrong pin three times and the only way to get the card back is to go to the bank?

My bank does this. It doesn't physically take your card but it does disable the card if the wrong pin is entered too many times. Happened to me once when I forgot my pin :/

Link to comment
Share on other sites

This topic is now closed to further replies.