[antonb2011]

Not so. If it's a 4 digit combination, it's already n!, so 24 combinations, which is enough for a good system to lock up and automatically call the police. If it's more, then it's gonna grow as n!/k!l!m!... where, k, l, m... are the numbers of repeated digits, but still it's more than enough to know that someone's trying to brute force the system.

[FreeFull]

The point is that the attacker watches from a distance, and using the rough hand movements he/she has seen can reduce that 24 combinations significantly.

[sageikosa]

Hence why I prefer the smaller keypads on ATM machines, so I can minimize my finger movements. Having one keycode for the supermarket is also a good way for disgruntled former employees to act malfeasantly.

[shawabawa3]

> so 24 combinations, which is enough for a good system to lock up and automatically call the police

24 is nowhere enough

1. Having a roughly 10% chance of getting it after 2 tries isn't exactly secure.

2. An attacker could just try 1 or 2 combinations per day

[stcredzero]

http://mindyourdecisions.com/blog/2011/01/27/game-theory-and...