Path: utzoo!attcan!uunet!ccicpg!nick
From: nick@ccicpg.UUCP (Nick Crossley)
Newsgroups: comp.unix.wizards
Subject: Re: Here's a *BRILLIANT* password idea! (Sarcasm on)
Summary: ATMs login not very secure
Keywords: ATM, password
Message-ID: <43034@ccicpg.UUCP>
Date: 30 Nov 88 18:57:07 GMT
References: <438@amanue.UUCP> <10900@ulysses.homer.nj.att.com>
Reply-To: nick@ccicpg.UUCP (Nick Crossley)
Organization: CCI CPG, Irvine CA
Lines: 29

In article <10900@ulysses.homer.nj.att.com> ekrell@hector.UUCP (Eduardo Krell) writes:
>In article <438@amanue.UUCP> jr@amanue.UUCP (Jim Rosenberg) writes:
>>Well surprise:  This exact password system is ***IN USE***!!!  In (are you
>>ready:) ***BANKS***!!!  I am not kidding.  Do you have an Automatic Teller
>>Machine card?  What does your password look like?  Every time I've been given
>>one of those things the password was just 4 digits!!!!!!!
>
>I don't know about your bank, but mine will take away your card if you
>enter the wrong PIN something like 3 or 5 times in a row (the ATM will
>eat the card).
>    
>Eduardo Krell                   AT&T Bell Laboratories, Murray Hill, NJ

But, in the UK at least, if you abort the 'login' attempt after the 2nd
attempt (there is a button to do this), you get your card back, and can
then try again immediately.  Thus you have an unlimited number of attempts.
I have not tried this on a machine in the US.

I have often wondered about the four-digit limit anyway - surely even some
branches must have close to 9999 accounts, let alone whole banks.  That does
make the code number very unique.

This no longer has much to do with Unix.

-- 

<<< standard disclaimers >>>
Nick Crossley, CCI, 9801 Muirlands, Irvine, CA 92718-2521, USA
Tel. (714) 458-7282,  uucp: ...!uunet!ccicpg!nick