[ars]

Don't most people have a 4 digit pin?

But in any case showing pins that way wouldn't work anyway - most people have a muscle memory for their pins, but would not recognize them when written down.

[c-oreills]

I recently got a new card and remembered the PIN spatially. After a few times of typing it in I realised that, though I was typing the digits of the new PIN, I was subvocalising the digits of my old PIN. It was a really odd sensation.

Having said that, I would recognise both PINs as both a string of digits and as a spatial sequence... so that would probably just be another attack vector.

[Deestan]

> I realised that, though I was typing the digits of the new PIN, I was subvocalising the digits of my old PIN.

I trained myself to do this on purpose; subvocalising a different number. If I'm drugged out in a hospital bed and someone asks for my CC PIN, I want them to get an incorrect number.

[aa0]

Well that took a turn... Do you also by chance drink poison every day to build immunity for when that vicious lad taps your drink?

[Deestan]

Yes - If he tries to poison me with caffeine, I'm pretty safe.

I'm not genuinely worried about being robbed of my PIN, though. I just found the mental challenge interesting.

[mcherm]

Wow. I used to think that I was rigorous about security...

[nobodyshere]

You also forgot to mention multiple cards and pins people have / used to have. I'd expect a false trigger in the system in that case.

[PeterisP]

You get a bunch of positives and check/bruteforce afterwards. This system couldn't distinguish my creditcard PIN from my office alarm PIN code, but it can give a shortlist to try.

[anigbrowl]

That seems a highly questionable assumption to me.