On 10.07.2017 17:42, Guan Xin wrote:
> This is probably a general question --
>
> I have never seen a German bank that allows changing the PIN of a card.
> I am not sure if this is an intentional limitation of the cards (to prevent users from choosing idiotic pins like 1234 or their birthday).
> So I wonder if it is because using a fixed (non-changeable) 4-digit PIN mailed in clear text is really safer than using a 4 to 6 digit variable length PIN that never explicitly appears anywhere.

I recently had a talk with one of my banks because they didn't even allow changing the web password (for access to online banking) to something longer than 5 alphanumeric digits (!!!). Although (in my case) the subject of the talk was the web password, the following applies to the card pin as well.

- Usually, you receive the card's pin by postal mail. It is consensus here in Germany that postal mail is highly trustworthy and that the so-called "Briefgeheimnis" is obeyed very carefully. The legal hurdles for opening a letter during transport are still very high.

- Additionally, you usually receive the pins in a special envelope which (AFAIK) makes it very difficult to read the letter's content without opening it, even by advanced means (X-ray and the like). In many cases, the pin is even more secured (metal coating).

I (personally) consider receiving pins that way safe. But the key point in the bank's argumentation was (applies to pins as well as to my online banking access):

- If somebody tries to brute force the pin (or online banking password), the access will be permanently denied if there are more than 3 failures (the exact number may vary).

That means that the length of the pin / password is not as important as one might think, because it is practically impossible to brute force a 4 digit pin with only 3 tries. I know that the chance of guessing 4 digits within 3 tries is higher than guessing 6 digits, but obviously, most banks consider 4 digits safe enough.
Furthermore, if you are really hacked and lose money because of this, the bank will compensate your loss provided that you did not behave like an idiot (i.e. if you did not note the pin on a piece of paper, attach that piece of paper to your card and then lose both of them). At least, they did so in all cases I know about, despite the fact that the respective customer (of course) could not *prove* at a technical level how the hacking worked. As long as the customer could demonstrate credibly that he had not made any very silly mistake, the bank compensated.

Due to all reasons mentioned above, I (personally) think that you should not be concerned by the length of the pin, the fact that you can't change it, and the way you receive it.

> If German banks are right, then should I follow their method and store
> the PINs of my OpenPGP cards on a piece of paper?

Now, this is a completely different question which does not have anything to do with the pin's length. The answer to this question completely depends on your environment and your intentions. I will explain this by two examples with contrary conclusions:

Example 1: You always forget the pin of your EC card. Therefore, you write it down on a piece of paper and put it into your wallet beside your EC card. Well, as said above, this obviously would be the most silly thing you could do. No bank will compensate you if you lose your wallet (with the card and its pin) and somebody then steals your money.

So you think about it and come to a better idea. You could store the pin on your smart phone. This indeed is better - hopefully you won't lose your smart phone and your banking card at the same time. But there is still a small chance that you do.

You think again and finally have a good idea. You install a password safe app on your smart phone which locally stores all pins and passwords with strong encryption.
You operate that app with great discipline: You choose a long, weird master password which you must enter to open the password safe where the pin is stored. You open the safe only when needed, you close it immediately when done, and you don't let the app (or OS) cache the master password. (Note: Of course, you MUST NOT write the master password on a piece of paper and attach that paper to your smart phone ...)

So, in this example, carrying a piece of paper with you where the pin is noted is a very bad idea, but carrying that pin with you on your smart phone is a good idea provided that the pin is stored there in a heavily encrypted password safe and provided that you operate that safe with some discipline. You still have to memorize that safe's master password, but this is a one-time thing, and you then could store all other passwords and pins in that safe.

Example 2: On your desktop PC, you are using the internet excessively, and you are afraid that some Trojan horse / keylogger will be able to get onto your PC (given the latest ransomware attacks, this obviously is a real threat even when you are running up-to-date virus protection). In this case, using password safe software won't protect you. The Trojan horse / keylogger could be able to intercept all your keystrokes, including your master password for the password safe. If you don't use a password safe and just store the passwords in an unencrypted text file (perhaps because you are the only person who physically has access to the PC in question), a Trojan horse will be able to read all your passwords even without intercepting keystrokes.

So, in this case, it obviously would be better to write down your passwords on a sheet of paper provided you can store that paper in a place to which only you have access (for example, some secret place in your private apartment).

From these examples, it should be clear that there can't be a general recommendation which fits all cases.
And there is one more very important thing most people don't think of: What happens if you have an accident or if you die? Your heirs will have all sorts of troubles if something happens to you and they can't access your electronic accounts because they don't have the passwords.

So I tend to write down at least my master password on a sheet of paper, put that in a sealed envelope and give it to a relative whom I highly trust. In case I die, they open the envelope, have the master password for my password safe and can use that to open the access to all my accounts.

Alternatively, you could have some relative you trust memorize your master password. But since he won't use it regularly (hopefully), he probably will forget it after a short time ...

Regards,

Binarus

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
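The argument in the reply above rests on one mechanism: a retry counter that permanently denies access after a small number of failures, so that the size of the PIN space matters far less than the number of attempts an attacker gets. The following is an added, editorial example (not code from the mailing list post, from GnuPG, or from any bank) that models such a verifier and puts numbers on the "3 tries" claim. The hypothetical `PinVerifier` class, the `MAX_FAILURES = 3` threshold (taken from the email's "more than 3 failures", which the author notes varies by bank), the salted PBKDF2 storage and the counter-reset-on-success rule are all assumptions of this example, not a description of how any real card or bank system works.

```python
import hashlib
import hmac
import os

# Lockout threshold: the email says access is permanently denied after
# "more than 3 failures" and that the exact number varies; 3 is assumed here.
MAX_FAILURES = 3


def guess_probability(pin_digits: int, tries: int) -> float:
    """Chance that `tries` distinct guesses hit a uniformly random numeric
    PIN of `pin_digits` digits. With a lockout, `tries` is bounded by the
    verifier, not by the attacker's patience."""
    space = 10 ** pin_digits
    return min(tries, space) / space


class PinVerifier:
    """Hypothetical PIN check with a failure counter and permanent lockout.

    The PIN is stored as a salted PBKDF2 digest (an assumption of this
    example); comparison is constant-time so the check itself leaks nothing
    about how many digits matched."""

    def __init__(self, pin: str) -> None:
        self._salt = os.urandom(16)
        self._digest = self._derive(pin)
        self.failures = 0
        self.locked = False

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 50_000)

    def verify(self, candidate: str) -> bool:
        # Once locked, every answer is "no": the counter is not reset by
        # further attempts, only by an out-of-band unlock (e.g. the bank).
        if self.locked:
            return False
        if hmac.compare_digest(self._derive(candidate), self._digest):
            self.failures = 0  # a correct PIN resets the counter (assumed rule)
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True
        return False


def simulate_guessing(verifier: PinVerifier, pin_digits: int):
    """Feed sequential guesses to the verifier until it either accepts one or
    locks. Returns (accepted_pin_or_None, attempts_made). This shows that the
    lockout, not the PIN length, is what ends the exercise."""
    for n in range(10 ** pin_digits):
        candidate = str(n).zfill(pin_digits)
        if verifier.verify(candidate):
            return candidate, n + 1
        if verifier.locked:
            return None, n + 1
    return None, 10 ** pin_digits


if __name__ == "__main__":
    # Constructed sample PIN for the demonstration.
    v = PinVerifier("4711")
    print("4-digit PIN, 3 tries:", guess_probability(4, MAX_FAILURES))
    print("6-digit PIN, 3 tries:", guess_probability(6, MAX_FAILURES))
    print("sequential guessing stops at:", simulate_guessing(v, 4))
    print("legitimate owner after lockout:", v.verify("4711"))
```

The two printed probabilities (0.0003 versus 0.000003) are the "higher for 4 digits than for 6" difference the author acknowledges; both are tiny because the attacker only gets `MAX_FAILURES` attempts before the card is dead, which is the point the bank made. The last line also shows the cost of the design: after a lockout even the legitimate owner is refused until the counter is reset out of band.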