corsasport.co.uk
 

Corsa Sport » Message Board » Off Day » Geek Day » New form of password to replace standard PIN.


New Topic

New Poll
  <<  2    3    4    5    6    7  >> Subscribe | Add to Favourites

You are not logged in and may not post or reply to messages. Please log in or create a new account or mail us about fixing an existing one - register@corsasport.co.uk

There are also many more features available when you are logged in such as private messages, buddy list, location services, post search and more.


Author New form of password to replace standard PIN.
AndyKent
Member

Registered: 3rd Sep 05
User status: Offline
24th Feb 09 at 15:01   View User's Profile U2U Member Reply With Quote

Got to side with Paul and Chris here.

I can see that its a bit more secure, though not at all convinced its '100x' safer but I don't think it stacks up somehow.

Lots of fraud goes on mostly because people are careless - they hand their card over to assistants in petrol stations for them to put it in the PIN machine for them. Its not difficult to put a card in a slot but they do so anyway - I've even seen an assistant apparently readjust their shirt whilst holding someones card and putting their hand below the counter.

The person whos card it was didn't even bat an eyelid whereas I would have gone mental.

Basically, I can't see the benefits this system would bring being outweighed by the massive cost of implementing it, only for people to still be careless anyway.
AndyKent
Member

Registered: 3rd Sep 05
User status: Offline
24th Feb 09 at 15:04   View User's Profile U2U Member Reply With Quote

In fact if half the fraud is commited via the internet (which I imagine it is) wouldn't it be far cheaper and easier for banks to force online retailers to ask for the customers current PIN number during verification?

At the moment they just ask for the last 3 digits on the back of the card.

[Edited on 24-02-2009 by aPk]
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 15:05   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by aPk
Got to side with Paul and Chris here.

I can see that its a bit more secure, though not at all convinced its '100x' safer but I don't think it stacks up somehow.

Lots of fraud goes on mostly because people are careless - they hand their card over to assistants in petrol stations for them to put it in the PIN machine for them. Its not difficult to put a card in a slot but they do so anyway - I've even seen an assistant apparently readjust their shirt whilst holding someones card and putting their hand below the counter.

The person whos card it was didn't even bat an eyelid whereas I would have gone mental.

Basically, I can't see the benefits this system would bring being outweighed by the massive cost of implementing it, only for people to still be careless anyway.


The point is people are ALWAYS going to be careless.

With the current PIN system if they are careless a person could clone a card and go home and spend using it. Or they could watch you then enter your pin and go and spend anywhere with it.

With this new system (or something like it) a card could be cloned and it be of no use to anyone. They couldnt go and spend anywhere as they'd need to enter the new type of pin. They could watch you enter the pin and they couldnt go and spend in shops as they couldnt enter the same 4 numbers they saw you enter.
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 15:06   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by aPk
In fact if half the fraud is commited via the internet (which I imagine it is) wouldn't it be far cheaper and easier for banks to force online retailers to ask for the customers current PIN number during verification?

At the moment they just ask for the last 3 digits on the back of the card.



Partly yes, in fact a lot of places now ask for various parts of your password.

This would take that further as this PIN has been proven to be more secure than a password for 4 digit PIN.
John
Member

Registered: 30th Jun 03
User status: Offline
24th Feb 09 at 15:07   View User's Profile U2U Member Reply With Quote

Chip implanted in your finger and a PIN would work imo.

If somebody wants to go to the lengths of cutting your finger off then they deserve it.
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 15:08   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by John
Chip implanted in your finger and a PIN would work imo.

If somebody wants to go to the lengths of cutting your finger off then they deserve it.


That is the ultimate way, and more than likely where it will end up in years to come.
John
Member

Registered: 30th Jun 03
User status: Offline
24th Feb 09 at 15:10   View User's Profile U2U Member Reply With Quote

In years to come i'm sure it'll be easy to make the chip die when the blood supply is lost.

Somebody will probably always crack whatever method you use though.
Paul_J
Member

Registered: 6th Jun 02
Location: London
User status: Offline
24th Feb 09 at 15:11   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Cosmo
quote:
Originally posted by Paul_J
Costs are a assumption, but having to change the whole infrastructure of every bank ATM, every person's Pin and every chip and pin machine is going to be costly.




ATM's are easy, as its purely a software change. The software on ATMs is updated constantly with new security patches, etc. and Im guessing is remotely done - ie. not a big job at all.


You have to be fairly nieve to think that changing the entire system that our current ATM's use world wide would be a simple and cheap process.

How come some ATM's have nice new fancy interfaces and some are still the old green and black text interfaces? They'll always be old hardware out there that won't be able to cope with the new system that needs updating.

If you replace the PIN we all use, with a brand new pin with symbols, EVERY (not some) machine will need to be updated...

A cost you have seem to not thought about is the fact that, if you change every ATM to a new system over night, how will people know what the fuck is going on and how to use it?

Massive advertising will be needed to ensure people know what it is, how they use it etc.
John
Member

Registered: 30th Jun 03
User status: Offline
24th Feb 09 at 15:12   View User's Profile U2U Member Reply With Quote

Although it's good people are trying to combat fraud I still have the same opinion of this as I did when we were discussing it originally, it will be difficult to implement and criminals will find a way around it anyway.
Paul_J
Member

Registered: 6th Jun 02
Location: London
User status: Offline
24th Feb 09 at 15:14   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by John
In years to come i'm sure it'll be easy to make the chip die when the blood supply is lost.

Somebody will probably always crack whatever method you use though.


To be honest, thumb scanners already check for pulse in high security usage.

I'd invest in a system like this, much more secure...

Well unless people hold you at gun point and walk you to the machine of course or clone you and insert a identical chip into the clones finger
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 15:15   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Paul_J
quote:
Originally posted by Cosmo
quote:
Originally posted by Paul_J
Costs are a assumption, but having to change the whole infrastructure of every bank ATM, every person's Pin and every chip and pin machine is going to be costly.




ATM's are easy, as its purely a software change. The software on ATMs is updated constantly with new security patches, etc. and Im guessing is remotely done - ie. not a big job at all.


You have to be fairly nieve to think that changing the entire system that our current ATM's use world wide would be a simple and cheap process.

How come some ATM's have nice new fancy interfaces and some are still the old green and black text interfaces? They'll always be old hardware out there that won't be able to cope with the new system that needs updating.

If you replace the PIN we all use, with a brand new pin with symbols, EVERY (not some) machine will need to be updated...



Indeed - you do still get some of these old machines. I dont come across them often round here (round here being out in the sticks where I was brought up and in both Manchester and Liverpool) but Im sure you'll tell me lots of them exist around you.

Maybe they'll update them, maybe they'll run both systems (pin and symbols) alongside each other for a number of years. I have no idea, as said though, banks are actively looking to replace PINs so they would of considered everything they'd have to change and the costs involved.

quote:

A cost you have seem to not thought about is the fact that, if you change every ATM to a new system over night, how will people know what the fuck is going on and how to use it?

Massive advertising will be needed to ensure people know what it is, how they use it etc.


Of course it would, just like when PINs came into play.

It again comes back to my point above, banks are actively looking to replace it, they know the costs involved and still wanting to do so.

[Edited on 24-02-2009 by Cosmo]
Brett
Premium Member

Avatar

Registered: 16th Dec 02
Location: Manchester
User status: Offline
24th Feb 09 at 15:15   View Garage View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Paul_J
or clone you and insert a identical chip into the clones finger

Someone watched the 6th day last night

Surely with regards to ATMs it wouldn't need to be these fancy touch screen keypads that change symbols? Couldn't the current key confirguration just been shown on screen and then the relevant number pressed on the pad? The machine could remain the same cosmetically. Like cosmo says, a software change would be easy.
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 15:17   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by loafofbrett
quote:
Originally posted by Paul_J
or clone you and insert a identical chip into the clones finger

Someone watched the 6th day last night

Surely with regards to ATMs it wouldn't need to be these fancy touch screen keypads that change symbols? Couldn't the current key confirguration just been shown on screen and then the relevant number pressed on the pad? The machine could remain the same cosmetically. Like cosmo says, a software change would be easy.


Exactly, thats not a big job at all really.

The biggest cost is the pin machines in shops, but even these are being replaced on a regular basis (given my experience in our shops) at the moment anyway.
Paul_J
Member

Registered: 6th Jun 02
Location: London
User status: Offline
24th Feb 09 at 15:21   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Cosmo
maybe they'll run both systems (pin and symbols) alongside each other for a number of years. I have no idea,


^^

This is what I said earlier... I can see it as the only viable solution of easily using your new form of PIN in a real world application (well for now anyway). However, it means it'll just be another pin people have to remember.

That said, I won't be surprised if it gets implemented in the near future as a new secure pin, where either can be used, or if not available your old low tech one is used instead. So it puts the choice of security in to the persons court, they can use the symbol based one if they want to protect themselves and can be bothered to remember it. But for the lazy / dumb people they can continue being idiots and using standard pin.
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 15:23   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Paul_J
quote:
Originally posted by Cosmo
maybe they'll run both systems (pin and symbols) alongside each other for a number of years. I have no idea,


^^

This is what I said earlier... I can see it as the only viable solution of easily using your new form of PIN in a real world application (well for now anyway). However, it means it'll just be another pin people have to remember.

That said, I won't be surprised if it gets implemented in the near future as a new secure pin, where either can be used, or if not available your old low tech one is used instead. So it puts the choice of security in to the persons court, they can use the symbol based one if they want to protect themselves and can be bothered to remember it. But for the lazy / dumb people they can continue being idiots and using standard pin.


I dont think they'll ever leave the choice up to the user, its not in the banks interest.

If they did it they'd only allow the use of the simple pin where the new one cant be used, but Id expect this would only be on old cash machines where it hasnt been replaced yet and in places where the chip and pin machine hasnt been replaced.

It would be in the banks best interests, if they were going to implement this technology at all, to replace what they could straight away.
Paul_J
Member

Registered: 6th Jun 02
Location: London
User status: Offline
24th Feb 09 at 15:24   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Cosmo
quote:
Originally posted by loafofbrett
quote:
Originally posted by Paul_J
or clone you and insert a identical chip into the clones finger

Someone watched the 6th day last night

Surely with regards to ATMs it wouldn't need to be these fancy touch screen keypads that change symbols? Couldn't the current key confirguration just been shown on screen and then the relevant number pressed on the pad? The machine could remain the same cosmetically. Like cosmo says, a software change would be easy.


Exactly, thats not a big job at all really.




It was based on the above style system I still think it'll cost a lot to change. No exterior changes to the machine.

However, if you're changing the fundamentals of how the system works and when people go to use it, you have to explain to people that A ) it has been changed and B ) how to use the new system - hence it being costly. Plus the fact there'll always be old tech out there somewhere that needs to be replaced.

- which could be countered by running both old PIN and new secure PIN side by side for years until old tech is phased out.
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 15:26   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Paul_J
However, if you're changing the fundamentals of how the system works and when people go to use it, you have to explain to people that A ) it has been changed and B ) how to use the new system - hence it being costly.



Its not a massive job though really, its still a 4 digit pin that you get from your bank and learn. Then go to a machine, find the symbols and enter them.

Now thats fairly simple really, not rocket science and isnt like you're teaching someone to use the new rocket ship provided to everyone to get around in as tarmac has suddently become deadly.
Paul_J
Member

Registered: 6th Jun 02
Location: London
User status: Offline
24th Feb 09 at 15:29   View User's Profile U2U Member Reply With Quote

Running old and new systems side by side helps greatly...

It allows people to adjust and realise the better system is superior and start using it. It also allows old uncompatible tech to be phased out and new to be introduced and implemented... It allows bugs or problems to be ironed out, rather than a major flaw found straight away...

Having both run together for a while would be an ideal way of implementing it imo...

Same way we have Ipv6 and Ipv4 running side by side as not everything is compatible with Ipv6

And originally with Chip and Pin, you could sign for stuff if you didn't know your pin.

And with digital freeview tv, they've kept both systems running for years and are only now turning analogue off.

Etc... If you're going to make a MAJOR change to something fundamental in people's lives, it's better to do it gradually with both in parrallel than instantly switch over.
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 15:31   View User's Profile U2U Member Reply With Quote

Agreed - at the end of the day though thats upto the banks or whoever. It would be how Id do it though.

All PinOptic does is provide the solution, allows the banks to use it under license and then they implement it however they see fit.
Dom
Member

Registered: 13th Sep 03
User status: Offline
24th Feb 09 at 15:51   View User's Profile U2U Member Reply With Quote

Haven't read the whole thread, but i remember when research was started into this about 9 years ago and it fell on it's arse then.

Plus, let's be honest, uk government and banks aren't the smartest when it comes to implementing security - just look at our current system, the encryption has already been broken. If they splashed out a few more million on the Chip&Pin system that's used in majority of the EU then it would be pretty secure.

Nice idea, but it's certainly nothing new and just seems to be another hurdle tagged onto the current system. Instead money and development should be put into other areas like retinal, finger print and/or DNA recognition.
James
Member

Registered: 1st Jun 02
Location: Surrey
User status: Offline
24th Feb 09 at 15:53   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Dom
Haven't read the whole thread, but i remember when research was started into this about 9 years ago and it fell on it's arse then.




You must have been the dullest 14 year old ever
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 15:58   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Dom
Haven't read the whole thread, but i remember when research was started into this about 9 years ago and it fell on it's arse then.

Plus, let's be honest, uk government and banks aren't the smartest when it comes to implementing security - just look at our current system, the encryption has already been broken. If they splashed out a few more million on the Chip&Pin system that's used in majority of the EU then it would be pretty secure.

Nice idea, but it's certainly nothing new and just seems to be another hurdle tagged onto the current system. Instead money and development should be put into other areas like retinal, finger print and/or DNA recognition.


I'd guess it has been looked into at some point, but strange that we own the patent to this if it has been looked into as much as you suggest? Also a bit strange why a very inferior product (simple chip and pin) got implemented when a better alternative was out there.

Again, its also strange that banks would actively seek an alternative to chip and pin when they were so unwilling to pay that bit extra for the better version you mention?!

Finger print/DNA wont happen on the mass market for many many years due to the cost to implement, as well as the problems you face when looking to securely store this information.
Dom
Member

Registered: 13th Sep 03
User status: Offline
24th Feb 09 at 19:02   View User's Profile U2U Member Reply With Quote

I remember an article (probably in some mag like New Scientist) about the idea of using picture based pins as the brain stores pictures/images better than it does numbers etc. So the idea certainly has been looked into before, I’m sure a quick Google will bring up ideas and theories on this. Plus there's plenty of ways to implement such an idea.

And our version of chip and pin is pretty inferior to what they use on the continent, with their system storing the data differently and having better encryption (not 100% on the details).

And, is it really that hard to believe that the banks/government didn't want to spend the extra?
They penny pinched believing that our system was solid even when people stated that the system was inferior and how we should adopt the same system as used in the EU (I’m sure The Register had an article about this).
Our system was cracked within a few months of it going live and you can buy hacked chip and pin terminals like Dione or Hypercom, just the case of knowing where to look.

Either way, a picture based pin is a good idea (although i was slower entering picture pins than straight numbers, ~2secs slower) and it has its uses, but it's not the ultimate protection, especially not for banking. If it does make it mainstream, it wouldn't be long before the system it cracked (with it being the same principle as the current system).

And i agree, DNA/finger print/retinal recognition is expensive (currently) to implement, but investment, research and development would see the cost drop considerably. Again, storing data does have its potential problems but the military has systems in place for securing their data, so it's certainly not impossible (i doubt it's costly either if money is spent wisely). Plus these systems are the only effective solution to securing vital information, but again it comes down to how much banks/governments are willing to invest.
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 19:18   View User's Profile U2U Member Reply With Quote

Picture based pins/passwords have been about for years and years - but the way this one is implemented with the moving figures onto different keys is certainly a new idea, hence the patent and it not having been used anywhere before. The fact that it moves makes the security from a viewable level much better than that of current systems.

Now the actual encryption on the chip is another matter!
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
2nd Mar 09 at 09:16   View User's Profile U2U Member Reply With Quote

First major order - 11m units ordered by a major Gas supplier (Id say who but Im not sure which it is yet!)

  <<  2    3    4    5    6    7  >>
New Topic

New Poll

  Related Threads Author Forum Replies Views Last Post
*Legitimate!* Any1 know how to clock? digitalbanana Help Zone, Modification and ICE Advice 14 1535
1st May 03 at 12:39
by Mr 106
 
MOT test Stone Cold Rattlesnake Help Zone, Modification and ICE Advice 27 2660
20th Jan 04 at 23:46
by Kris TD
 
Morretes Light Bulbs ??? Rocky Help Zone, Modification and ICE Advice 9 875
16th Feb 05 at 19:54
by Rocky
 
aaarrrghhhh password help needed Dave A Geek Day 8 862
5th Feb 07 at 19:47
by Jules
 
is this a quickshift? Jas General Chat 6 923
14th Sep 08 at 22:07
by will_ainsworth
 

Corsa Sport » Message Board » Off Day » Geek Day » New form of password to replace standard PIN. 28 database queries in 0.0163939 seconds