by Lost_BiomedE 5283 days ago
My girlfriend worked at a bank that did this. The alert PIN was your PIN backwards. I don't know if they still do this or not.

I heard about this before. According to Snopes it's false, although it may have been implemented in a few places.

http://www.snopes.com/business/bank/pinalert.asp

http://en.m.wikipedia.org/wiki/ATM_SafetyPIN_software

Thanks for the wiki article. I've heard about it and was pretty sure it's a hoax (mostly because of the palindromes).
Out of curiosity, do you know what happened if the PIN number was a palindrome? Did they restrict your selection to prevent that?
Yes, they restricted the selection. They also encouraged each number to be unique.
For the interested: enforcing no palindromes and unique digits reduces the number of possible PINs by about a factor of 2, bringing it down to 5040 4-digit combinations.

[JS code] http://pastebin.com/3A46BP1C

If the digits are unique then there are no palindromes. Therefore there are 1098*7 = 5040 combinations.
The formatting ate your *'s but I understand. That's definitely the better way to reason the problem. In my defense it was late (after a trip to the bar) and my code is basically stream of consciousness.
That's a funny requirement. Requiring uniques reduces password strength.
Bank PINs aren't really about password strength though. To prevent brute force, they simply block access after n tries (usually n = 3). They are just a way of preventing access to the card in case of loss or theft. So as long as there are enough combinations to make the chance of a successful brute force after three tries small enough, it doesn't really matter how strong the password is.

For online banking, there are usually added security schemes and the PIN isn't used at all.

Dang, no palindrome PINs then, eh?
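
The counts discussed in this thread, checked by brute-force enumeration. This is an added example, not the code behind the pastebin link or any commenter's own; the function names are hypothetical.

```javascript
// Added example: brute-force check of the PIN counts discussed in the thread.
// All function names here are hypothetical.

// A PIN that reads the same backwards cannot have a distinct reversed "alert" PIN.
const isPalindrome = (pin) => pin === [...pin].reverse().join("");

// True when no digit repeats (a Set of the characters keeps only distinct ones).
const hasUniqueDigits = (pin) => new Set(pin).size === pin.length;

// Enumerate every PIN of the given length and count how many pass each rule.
function pinStats(length = 4) {
  const stats = { total: 0, palindromes: 0, uniqueDigits: 0, uniqueButPalindrome: 0 };
  for (let n = 0; n < 10 ** length; n++) {
    const pin = String(n).padStart(length, "0"); // keep leading zeros, e.g. "0042"
    const pal = isPalindrome(pin);
    const uniq = hasUniqueDigits(pin);
    stats.total++;
    if (pal) stats.palindromes++;
    if (uniq) stats.uniqueDigits++;
    if (pal && uniq) stats.uniqueButPalindrome++;
  }
  return stats;
}

// Chance that someone guessing distinct PINs at random hits the right one
// before the card is blocked after `tries` attempts.
function guessChance(keyspace, tries = 3) {
  return Math.min(1, tries / keyspace);
}

const s = pinStats(4);
console.log(s);
console.log("no rules:      ", guessChance(s.total).toFixed(6));
console.log("no palindromes:", guessChance(s.total - s.palindromes).toFixed(6));
console.log("unique digits: ", guessChance(s.uniqueDigits).toFixed(6));
```

The enumeration shows that the unique-digit rule already excludes every palindrome, and that with a three-try lockout the guess chance stays below 0.06% under either rule.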