Dug Campbell

PIN Numbers and Passwords

Did you realise that the inventor of the ATM was Scottish? It was a new one to me too. Actually, there’s some debate around who gets the credit, but both of the front-runners are Scottish so it’s a pretty safe statement to make. I only found that out a couple of days ago when one of them, Jim Goodfellow, received an honorary doctorate.

However, Mr Goodfellow’s inventiveness was not restricted to the ATM. His second significant claim to fame was that he invented the Personal Identification Number (PIN). It’s a system that’s still being used 48 years later in 2.7 million ATMs worldwide as well as in point of sale (Chip & PIN) terminals that handle 1 billion transactions daily.

There are only 10,000 possible combinations when it comes to a 4-digit PIN code. And around 11% of us are still using 1234, with another 6% using 1111. Of course, with the rise of Bitcoin, it’s easy to see that a robust replacement is now starting to gain traction.

But as fallible as our existing PIN numbers might be, the passwords we choose are little better. The simple act of replacing four numerals with a collection of any number of letters, numerals and symbols of our own choice provides us with the opportunity for far greater creativity. And, as a fascinating article by Ian Urbina in the New York Times earlier this week showed, the passwords that we choose can reveal a huge amount about the individuals that we actually are.

I loved this piece. From the heartbreaking stories of one man’s attempts to get Cantor Fitzgerald back up and running in the aftermath of the 9/11 attacks (658 workers killed in one day, necessitating difficult conversations with family members during those first 48 hours in order to guess critical passwords) to the more mundane explanations by everyday people in which they reveal the reasons behind their password choices, one thing becomes clear. However strong a security system we build, it is always undermined by the fallibility of humans, who inevitably remain the weakest link in the chain of internet security. For example, many use the word “incorrect” as a password – simply so that when they get the password wrong, their own computer will prompt them, i.e. “Your password is incorrect”.

It turns out that many passwords are essentially keepsakes we use as memorials to remind us of significant turning points in life, often of a painful nature. When a huge database of hacked passwords was made available a few years ago, analysis showed an above-average usage of words relating to ‘love’. And some people use the password process as a way to reinforce a personal message that they want to be reminded of during the course of the many log-ins required in an average day – eat more fruit, phone mum, that sort of thing.

It’s clear that we all hate passwords. The average number that we need and use on a regular basis increases almost by the day. And there’s some great advice out there for how to create truly memorable secure ones of course. But the reality is that for most people, perhaps we just need a little more humanity in the process than we would otherwise admit to.

Yes, it weakens the security. But perhaps for that one brief second when you assume that you’re on your own, when it’s simply you at the temporary doorway that’s popped up on your screen, as it does every day in life, maybe we all just want to be reminded of something that means something real to us – and not just a line of numbers and symbols.