Memory-only selection of dictionary PINs
The work addresses security concerns for users who rely on memory-only dictionary PINs, but it is incremental because it builds on existing metrics and methods.
The paper tackled the problem of estimating the security of dictionary-based PINs selected from memory without aids, using established security metrics like entropy and guesswork. The results showed that straightforward construction yields unsatisfactory security, requiring more involved methods to produce secure PINs.
We estimate the security of dictionary-based PINs (Personal Identification Numbers) that a user selects from memory without any additional aids. The estimates take into account the distribution of words in the source language. We use established security metrics, such as entropy, guesswork, marginal guesswork and marginal success rate. The metrics are evaluated for various scenarios aimed at improving the security of the produced PINs. In general, plain and straightforward construction of memory-only dictionary PINs yields unsatisfactory results, and more involved methods must be used to produce secure PINs.
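The four metrics named in the abstract, computed over a small PIN distribution, as an added example that is not code from the paper. It assumes words are turned into 4-digit PINs with the phone keypad layout (the paper's own construction is not given on this page), uses constructed word counts, and all function names are hypothetical.

```python
import math
from collections import Counter

# Assumption: a word becomes a PIN by typing its first four letters on a
# phone keypad. The paper's actual construction is not stated on this page.
KEYPAD = {c: d for d, letters in {
    "2": "abc", "3": "def", "4": "ghi", "5": "jkl",
    "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}.items() for c in letters}

# Constructed relative word counts, not real corpus data.
WORDS = {"love": 40, "loud": 10, "home": 20, "good": 15, "gone": 5, "time": 10}

def pin_distribution(words, length=4):
    """Return [(pin, probability)] sorted most likely first.
    Words that map to the same digits pool their probability."""
    counts = Counter()
    for word, n in words.items():
        counts["".join(KEYPAD[c] for c in word[:length])] += n
    total = sum(counts.values())
    return [(pin, n / total) for pin, n in counts.most_common()]

def entropy(probs):
    """Shannon entropy in bits."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def guesswork(probs):
    """Expected number of guesses when trying PINs in decreasing probability."""
    return sum(i * p for i, p in enumerate(probs, start=1))

def marginal_guesswork(probs, alpha):
    """Fewest guesses needed to succeed with probability at least alpha."""
    cumulative = 0.0
    for i, p in enumerate(probs, start=1):
        cumulative += p
        if cumulative >= alpha:
            return i
    return len(probs)

def marginal_success_rate(probs, beta):
    """Probability of success within the first beta guesses."""
    return sum(probs[:beta])

if __name__ == "__main__":
    dist = pin_distribution(WORDS)
    probs = [p for _, p in dist]
    print(dist)
    print("entropy bits:", entropy(probs), "uniform 4-digit:", math.log2(10**4))
    print("guesswork:", guesswork(probs))
    print("guesses for 75%:", marginal_guesswork(probs, 0.75))
    print("success in 1 guess:", marginal_success_rate(probs, 1))
```

In this constructed sample six words collapse to three PINs, so the entropy of the PIN distribution falls below that of the word distribution and far below that of a uniformly random 4-digit PIN.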