Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!elbereth.rutgers.edu!ron.rutgers.edu!ron
From: ron@ron.rutgers.edu (Ron Natalie)
Newsgroups: comp.unix.wizards
Subject: Re: password security
Message-ID:
Date: 7 Dec 88 20:19:12 GMT
References: <17730@adm.BRL.MIL>
Organization: Rutgers Univ., New Brunswick, N.J.
Lines: 18

The cards themselves are easily forged. Essentially, nothing is encoded in the stripe that you can't see on the front of the card. Obviously criminal elements have the ability to forge this information because well publicised cases of credit cards (which use the same technology) exist. When dealing with a machine, it's even easier; the card doesn't need to look real to the eye, just have the correct data on the stripe.

Even if the PIN records at the bank are relatively secure, there are many ways that the 4 digit number may be discovered. Abuse of telephone credit card numbers (which are essentially just your account number (phone number) and a 4 digit PIN) indicates how vulnerable that system is. Banks mail PINs (albeit separately from the cards) through the use of printthrough computer envelopes. You don't even need to open these to get the information. Banks should never send the PINs out. Here we get to go to the bank to set them.

People should safeguard their PINs. Be careful about the guy behind you in line. Don't write them down, and if you get to pick your own, don't be so bloody obvious. I guessed my wife's with little difficulty.