How to choose a PIN - assessment of dictionary methods
This work addresses security and usability issues for individuals and systems using PIN authentication; it is incremental, as it builds on existing dictionary methods.
The paper evaluated dictionary-based methods for choosing PINs and found they are far from ideal in terms of PIN space coverage and entropy, while also discussing methods to create easy-to-memorize PIN words for random PINs.
Personal Identification Numbers (PINs) are commonly used as an authentication mechanism. An important security requirement is that PINs should be hard to guess for an attacker. On the other hand, remembering several random PINs can be a difficult task for an individual. We evaluate several dictionary-based methods of choosing a PIN. We experimentally show that these methods are far from ideal with respect to expected covering of the PIN space and the entropy of PINs. We also discuss two methods for constructing easy-to-memorize PIN words for randomly chosen PINs.
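The two metrics named in the abstract, PIN-space coverage and entropy, can be measured for a dictionary method as in the added example below, which is not code from the paper. The abstract does not name the methods it evaluates, so the telephone-keypad letter-to-digit mapping, the uniform choice of words, and the word list are assumptions made for illustration.

```python
import math
from collections import Counter

# Assumed dictionary method: standard telephone keypad letter-to-digit mapping.
KEYPAD = {c: d for d, letters in {
    "2": "abc", "3": "def", "4": "ghi", "5": "jkl",
    "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}.items() for c in letters}

def word_to_pin(word, length=4):
    """Map a word to a PIN; return None if it has the wrong length or a non-letter."""
    word = word.lower()
    if len(word) != length or any(c not in KEYPAD for c in word):
        return None
    return "".join(KEYPAD[c] for c in word)

def evaluate(words, length=4):
    """Return (coverage, entropy_bits, max_entropy_bits) when users pick words uniformly."""
    max_bits = length * math.log2(10)
    pins = Counter(p for p in (word_to_pin(w, length) for w in words) if p)
    total = sum(pins.values())
    if total == 0:
        return 0.0, 0.0, max_bits
    coverage = len(pins) / 10 ** length          # fraction of the PIN space reached
    entropy = -sum((n / total) * math.log2(n / total) for n in pins.values())
    return coverage, entropy, max_bits

def max_reachable_coverage(length=4):
    """Upper bound for this mapping: digits 0 and 1 carry no letters."""
    return 8 ** length / 10 ** length

# Constructed sample word list (not data from the paper); the last two entries are rejected.
SAMPLE_WORDS = ["love", "home", "good", "gone", "hood", "hone",
                "time", "book", "cool", "door", "it's", "abc"]

if __name__ == "__main__":
    cov, h, h_max = evaluate(SAMPLE_WORDS)
    print(f"coverage={cov:.4%}  entropy={h:.3f} bits  (random PIN: {h_max:.3f} bits)")
    print(f"best possible coverage for this mapping: {max_reachable_coverage():.2%}")
```

Five of the ten accepted sample words collapse onto the same PIN, which is the kind of collision that lowers entropy well below that of a uniformly random PIN.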