by dhx
5081 days ago
38 bits of entropy for authentication may be plentiful if other security controls are put in place. Bank card security would not be noticeably increased by having 6 or 8 digit PINs instead of 4 digit PINs. The risk is mitigated by account lockout (swallowing cards), surveillance, damage limitation (daily withdrawal limits) and similar measures. The system proposed in this paper could be a valid mitigation against authentication risks in very specific circumstances. A better argument against this system would be one that addresses human usability and unnecessary cost/complexity.
Further arguments include high overhead for learning (not to mention changing passwords) a given password, storage of passwords, and the idea that your password isn't summonable on demand.
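The lockout argument in the comment above, worked through as an added example (this is not part of dhx's comment or of the paper under discussion). It models a card-style PIN check that locks the account after a fixed number of failures, runs a simulated online guessing loop against it, and computes the attacker's success probability for different keyspace sizes. The `PinVerifier` class, the three-attempt limit and the PIN values are constructed assumptions chosen for illustration.

```python
import hmac
from dataclasses import dataclass


@dataclass
class PinVerifier:
    """Constructed model of an online PIN check with account lockout.

    After `max_attempts` consecutive failures the account is locked
    (the bank-card equivalent of swallowing the card), so an online
    attacker gets at most `max_attempts` guesses regardless of PIN length.
    """
    pin: str
    max_attempts: int = 3
    failures: int = 0
    locked: bool = False

    def verify(self, guess: str) -> bool:
        if self.locked:
            return False
        # Constant-time comparison so timing does not leak PIN digits.
        if hmac.compare_digest(guess.encode(), self.pin.encode()):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_attempts:
            self.locked = True
        return False


def online_success_probability(keyspace: int, attempts_allowed: int) -> float:
    """Probability that an attacker guessing uniformly at random hits the
    secret within the guesses a lockout policy allows (uniform secret)."""
    return min(1.0, attempts_allowed / keyspace)


def simulate_online_brute_force(verifier: PinVerifier, digits: int):
    """Enumerate every `digits`-long PIN against the verifier and report
    how many guesses were actually accepted before lockout stopped it."""
    guesses_made = 0
    for candidate in range(10 ** digits):
        if verifier.locked:
            break
        guesses_made += 1
        if verifier.verify(str(candidate).zfill(digits)):
            return guesses_made, True
    return guesses_made, False


if __name__ == "__main__":
    # 4-digit PIN (10^4 keys) versus 8-digit PIN (10^8) versus 38 bits,
    # all behind the same three-attempt lockout: the probabilities differ,
    # but every one of them is already negligible per card.
    for label, keyspace in (("4-digit PIN", 10**4),
                            ("8-digit PIN", 10**8),
                            ("38-bit secret", 2**38)):
        print(f"{label:14s} p(success within 3 online guesses) = "
              f"{online_success_probability(keyspace, 3):.3e}")
    v = PinVerifier(pin="7391")  # constructed sample PIN
    print("guesses before lockout, found:",
          simulate_online_brute_force(v, 4), "locked:", v.locked)
```

The simulation shows why the comment's point holds for online guessing: lockout, not PIN length, bounds the attacker's budget, so surveillance and withdrawal limits do the remaining work. The calculation does not apply to offline attacks on a stolen password database, where no lockout exists and entropy is the only defence.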