This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

FEATURE REQUEST: Increased pin length

I would love to see the pin length increased to something longer than 7 numbers. Limiting it to 7 seems somewhat arbitrary, and allowing longer pins would increase security.

Comments

  • GeneY
    GeneY AWS Team
    Hi slushpupie,

    Increasing the PIN size is a reasonable suggestion; however, we need to keep in mind that a PIN of 7 digits gives 10 to the power of 7 possible combinations, in other words 10 million different combinations to unlock your application, which has already been verified by your Master Password (which is much more secure, of course).

    Notice that after 5 unsuccessful attempts 1P4A exits and asks you to log in again.

    Taking all this into consideration, I assume we may stay with the existing PIN length. (Just wanted to let you know that the 1P4 iPhone PIN is only 4 digits long and there haven't been any security-related complaints reported so far.)

    Please let me know what you think.

    Best Regards,
    Gene
    Android Developer

  • Gene,

    Consider also the usability. Adding even 1 digit to the length allows you to use PINs in date form, which are easier for people to remember. As an example, for most places where I need to enter a PIN, I choose a random date (my birthday or other significant dates are out of the running for obvious reasons). Say June 21 1927. My PIN then becomes 19270721. There are other examples where people's ability to remember things falls into a given format. If there is no technical restriction to 7 chars, why *not* allow it to be longer? Obviously there is a storage limit, and more pressingly a display width limit, but in those cases allowing upwards of even 12 should not be difficult.

    Arbitrary restrictions in user interface design tend to frustrate users while providing nothing useful to the application. Now, if you were using the PIN as the key input to some encryption method where the input size were restricted to 56 bits (single DES maybe?), then 7 8-bit ASCII chars is a reasonable technical limitation since anything else would get truncated.

    PS: I do some application development in the security realm, so I understand both sides of the argument here.

  • MikeT
    MikeT Agile Samurai
    edited October 2010
    Hi,

    Using a birthday for your PIN, even switched around, is a bad idea; anybody knowing you will be able to guess that. Also, increasing the PIN to more than 4 characters does not always improve security; it is better to convert to an alphabetic/numeric code instead of a 7-digit PIN. It's much harder to crack a 7-character alphabetic/numeric code than a 7-digit PIN code.

    Apple is already moving toward providing the alphabetic/numeric passcode for the unlock screen on iOS devices. iPhones with iOS 4.x have that option, and the iPad will have that option in the iOS 4.2 release next month.
  • MikeT, as I said, I specifically do *not* use a birthday. I use a date as a method of remembering, giving a number context. If the 7-digit length is limited due to some technical reason, then depending on the implementation I can understand the limitation.

    However, if it is simply arbitrary, then increasing the length will in no way be a detriment to security, and can possibly improve security. It would increase usability, as I'm sure I'm not the only person out there who would like to use a longer PIN (though I may be the only person to ever report on it).

    In either case, it's simply a feature request, and as feature requests go it's an easy one since it would have no impact on existing use of the app.

  • MikeT
    MikeT Agile Samurai
    I apologize, I misread what you said and thought you meant "like for example, my birthday"; my brain somehow skipped the "out of the running" part.

    My understanding is that most smartphones provide the APIs for a 4-digit PIN only and don't allow the ability to extend it. I could be wrong here.
  • GeneY
    GeneY AWS Team
    I definitely agree with slushpupie that increasing the PIN length will increase security; however, I see that the iPhone uses a PIN of 4 digits to unlock the phone (1P4 iPhone does the same thing).

    1P4A uses 7, so we may assume we are on the safe side here.

    We shouldn't expect a brute force security attack on the phone (especially when we have only 5 attempts before the application quits).

    Besides, remember that the user has already been verified by the Master Password; we are talking about locking/unlocking the phone, not authentication per se.

    What do you think, guys?

    Gene

  • Why the iPhone version is limited to 4 digits I have no idea. It's possible the iPhone SDK has a PIN dialog that limits to 4; I couldn't say. I know Android has no such dialog, so the developer made his/her own, so increasing the length would be easy from the UI side.

    The thing with the PIN is it *is* authentication. The reason such an option exists is because entering certain strong passwords on a smartphone is difficult (symbols in particular), so an alternate, simplified input makes sense. If I leave my phone on my desk and someone else picks it up and opens the 1Password app, I don't expect them to be able to open it without authentication, either a PIN or a password.

    A brute force attack is infeasible even with a 3-digit PIN given the limits of the app. But in most cases it won't be brute force; it will be engineered in some way. Shoulder surfing would be the most common in my eyes, and the longer the PIN the more difficult such a task would be. The other reality is that many people *will* choose a number of some relevance. With 7 digits, phone numbers come to mind. If you increase the number of possibilities to other formats (it could be a phone number, a date, an SSN, etc.), you have made it more difficult to guess even if the user selected something personally identifiable.

    I would love to hear the input from the developer(s?) on this. I know if I were designing something like this, the PIN would actually be an input to a decryption method to prevent someone from just stealing the decrypted files off the phone. It is entirely possible then that a technical limitation exists, but that might be easy to overcome, depending on how it was implemented.

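The two attack models argued over in the posts above, side by side, as an added example that is not code from 1Password or AgileBits: a guesser at the phone, whom the 5-attempt exit stops, versus someone who copies the app's storage and attacks a PIN-derived key offline, the design slushpupie says he would build. The PBKDF2-HMAC-SHA256 derivation, the stored verifier, the salt, the iteration count and the guessing rate are all assumptions constructed for illustration, not a description of how 1P4A actually works.

```python
"""Added example, not AgileBits code: compares online guessing of an app PIN
(bounded by a 5-attempt lockout) with an offline attack on a key derived from
that PIN. The KDF (PBKDF2-HMAC-SHA256), the verifier construction and every
parameter below are assumptions made for illustration."""
import hashlib
import hmac
import itertools
import string

DIGITS = string.digits                        # 10 symbols
ALNUM = string.ascii_letters + string.digits  # 62 symbols


def search_space(length: int, alphabet_size: int) -> int:
    """Number of distinct codes of `length` symbols over the alphabet."""
    return alphabet_size ** length


def online_guess_probability(length: int, alphabet_size: int, attempts: int) -> float:
    """Chance a random guesser succeeds before the lockout fires, assuming a
    uniformly random PIN. This is what the thread's 5-attempt limit bounds."""
    return min(1.0, attempts / search_space(length, alphabet_size))


def derive_key(pin: str, salt: bytes, iterations: int) -> bytes:
    """Assumed scheme: 32-byte data key = PBKDF2-HMAC-SHA256(pin, salt)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations, dklen=32)


def make_verifier(pin: str, salt: bytes, iterations: int) -> bytes:
    """Check value kept on the device so the app can tell a right PIN from a
    wrong one. Whoever copies the storage gets it as well (assumed design)."""
    key = derive_key(pin, salt, iterations)
    return hmac.new(key, b"unlock-check", hashlib.sha256).digest()


def offline_brute_force(verifier: bytes, salt: bytes, iterations: int,
                        length: int, alphabet: str):
    """Offline attack on a copied verifier: no lockout applies, so every
    candidate in the space is tried. Returns (pin, guesses) or (None, guesses)."""
    guesses = 0
    for candidate in itertools.product(alphabet, repeat=length):
        pin = "".join(candidate)
        guesses += 1
        if hmac.compare_digest(make_verifier(pin, salt, iterations), verifier):
            return pin, guesses
    return None, guesses


def offline_seconds_worst_case(length: int, alphabet_size: int,
                               guesses_per_second: float) -> float:
    """Time to exhaust the whole space at an assumed guessing rate."""
    return search_space(length, alphabet_size) / guesses_per_second


if __name__ == "__main__":
    # Online view: the thread's 7-digit PIN with 5 attempts before the app quits.
    print("7-digit space:", search_space(7, 10))
    print("P(success in 5 online tries):", online_guess_probability(7, 10, 5))
    print("7-char alphanumeric space:", search_space(7, 62))

    # Offline view on a constructed toy instance: 3-digit PIN "042", fixed salt,
    # low iteration count so the demo finishes in well under a second.
    salt, iterations = b"\x00" * 16, 1000
    verifier = make_verifier("042", salt, iterations)
    print("offline recovery:", offline_brute_force(verifier, salt, iterations, 3, DIGITS))

    # Scale the same attack to the real 7-digit space at an assumed 10k guesses/s.
    print("worst case, 7 digits offline (s):", offline_seconds_worst_case(7, 10, 1e4))
    print("worst case, 7 alphanumeric offline (s):", offline_seconds_worst_case(7, 62, 1e4))
```

Run as a script, it recovers the toy 3-digit PIN after 43 guesses and prints the scaling for 7 digits and 7 alphanumeric characters. The point it makes concrete is the one both sides circle: the 5-attempt exit only bounds the first model. Once the PIN also derives a key and the storage can be copied, the lockout is gone and only the PIN's length, its alphabet and the KDF's cost per guess stand between the attacker and the data, which is where MikeT's alphanumeric suggestion and slushpupie's longer PIN actually buy something.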
  • GeneY
    GeneY AWS Team
    edited October 2010
    Hi slushpupie,

    I thank you for your input; there are definitely very strong points in it.

    We at Agile will definitely discuss the topic within our engineering team and would also like to hear other customers' feedback on what they think of that.

    Please always share your suggestions and recommendations with us; they are extremely important to make Agile products better!

    Thank you in advance and Best Regards,
    Gene

  • Thanks Gene,

    It's always good to know customer suggestions are taken into consideration. Please keep us posted on what they have to say!

  • GeneY
    GeneY AWS Team
    You are welcome slushpupie,

    Here at Agile customer suggestions are taken most seriously by the team and literally guide our development efforts. That is one of the reasons that our products are so successful on the very competitive market and so loved by our customers.

    Although it is not always possible to accommodate each and every customer request, every suggestion is carefully considered in terms of usability, feasibility and practicality.

    So please, always share your feedback with the Agile team and other users!

    Best Regards,
    Gene
