Authentication: PIN

1, 2, 3, 4, 5

That’s the kind of thing an idiot would have on his luggage

Let’s take a look at PIN-based authentication.


Isn’t a PIN just like a password?

Does that mean a PIN is considered a multi-factor authentication solution?



However, there are some major concerns when it comes to PIN-based authentication:

  1. Uniqueness: A PIN can only be used on the device it was created on. However, there is nothing preventing a user from using the same PIN across multiple devices.
    Of course none of us would do that because we don’t use the same password across multiple sites.
  2. Complexity: A PIN is usually between 4 and 6 digits. There are only so many combinations. And to make something easy to remember, users often use birthdays, anniversaries, or patterns (draw an “x”, a cube, or select the 4 corners).
  3. Secondary passwords: Think about signing into Windows 10 with a PIN. That PIN unlocks locally cached credentials, which sign you onto the domain. If you are forced to change your domain password, that password will get updated in the local cache on the current device. However, when you use another Windows 10 device and log in with a PIN, the locally cached domain credentials on that device still have the old password, requiring the user to re-authenticate.
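As an added example (not code from the original post), here is a small weak-PIN screen in Python for the complexity concern above: it sizes the 4-6 digit keyspace and rejects the memorable patterns the list names (repeated or sequential digits, dates and birth years, keypad corners and straight swipes). The 3x3 keypad layout, the accepted date formats and the 1900-2099 year window are assumptions of this example.

```python
"""Weak-PIN screening for a 4-6 digit numeric PIN policy (illustrative)."""
from datetime import datetime

# Assumption: the standard 3x3 phone/ATM keypad (1-2-3 / 4-5-6 / 7-8-9 / 0).
KEYPAD_CORNERS = set("1379")
STRAIGHT_SWIPES = {"2580", "0852"}      # the only 4-key straight line on that layout
DATE_FORMATS = {4: ("%m%d", "%d%m"), 6: ("%m%d%y", "%d%m%y", "%y%m%d")}


def keyspace(min_len: int = 4, max_len: int = 6) -> int:
    """Number of distinct all-digit PINs with a length in [min_len, max_len]."""
    return sum(10 ** n for n in range(min_len, max_len + 1))


def looks_like_date(pin: str) -> bool:
    """True if the PIN reads as a calendar date or a plausible birth year."""
    if len(pin) == 4 and 1900 <= int(pin) <= 2099:      # assumed year window
        return True
    for fmt in DATE_FORMATS.get(len(pin), ()):
        try:
            datetime.strptime(pin, fmt)
            return True
        except ValueError:
            pass
    return False


def weak_pin_reasons(pin: str) -> list[str]:
    """Return why a candidate PIN should be rejected; an empty list means it passed."""
    if not (pin.isdigit() and 4 <= len(pin) <= 6):
        return ["must be 4-6 digits"]
    reasons = []
    n = len(pin)
    # 1111, 1212, 123123: a short block repeated to fill the PIN
    if any(n % k == 0 and pin == pin[:k] * (n // k) for k in (1, 2, 3) if k < n):
        reasons.append("repeated block")
    # 1234, 9876, 0123: every step between neighbouring digits is +1 or -1
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        reasons.append("ascending/descending sequence")
    if looks_like_date(pin):
        reasons.append("looks like a date")
    # keypad geometry: the four corners in any order, a straight swipe,
    # or an "x" drawn through the centre key (heuristic: only 1/3/5/7/9 used)
    if n == 4 and set(pin) == KEYPAD_CORNERS:
        reasons.append("all four keypad corners")
    elif pin in STRAIGHT_SWIPES:
        reasons.append("straight keypad swipe")
    elif n >= 5 and "5" in pin and set(pin) <= set("13579"):
        reasons.append("diagonal/x keypad pattern")
    return reasons
```

Calling weak_pin_reasons() at enrolment and rejecting any non-empty result keeps the obvious guesses out without changing the PIN length the policy allows.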

Authentication Blog Series: 

Daniel (Follow on Twitter @djfeller)

