Your Password is Your New PIN

Part of the SpringerBriefs in Computer Science book series (BRIEFSCOMPUTER)


This chapter will describe a method of deriving new PINs from existing passwords. This method is useful for obtaining friction-free user onboarding to mobile platforms. It has significant business benefits for organizations that wish to introduce mobile apps to existing users who already have passwords, but are reluctant to authenticate the users with the existing passwords. From the user’s perspective, a PIN is easier to enter than a password, and a derived PIN does not need to be remembered—assuming the user has a password and can recall it. In addition, even though the PINs are derived from passwords, they do not contain sufficient information to make the passwords easy to infer from compromised PINs. This, along with different transaction limits for PINs and passwords, makes the derived PINs more useful in a situation where users have to enter their PINs in public. We describe real-life password distributions to quantify exactly how much information about the passwords the derived PINs contain, and how much information is lost during the derivation. We also describe experiments with human subjects to qualitatively and quantitatively show that the user-side derivation method is easy to use.


Entropy Estimate, Mobile Handset, Numeric Keypad, Weak PINs, Mobile Authentication
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Copyright information

© The Author(s) 2013

Authors and Affiliations

  1. PayPal, San Jose, USA
