[ynoclo]

This could work if you are always forced to enter the full password to start a login session. The "PIN" password's hash could be generated at that point and held in protected memory (e.g. by a root process); it would go away on logout, as well as after some small number of failed attempts.

As to whether it's a good idea, that's debatable: if you want to solve the problem of being prompted for an admin password many times to perform tasks, a better answer might be to prompt once and get some sort of authorization ticket which allows the user to do a particular task without entering a password until the ticket expires.

[loy22]

Thanks for the feedback. Security and user experience is always a matter of balance. I was seduced by the idea of having a strong password, but I think the current implementations discourage it for a regular use. From what I understand the only alternative under Ubuntu is to disable the prompts altogether, which is really not recommandable. Windows 7 has a nice way to handle it, I wonder if it is secure enough.