password versus pin in application authentication

In an application authentication, it is very common to see many
applications use username/password combination for authentication
access. However, some applications use username/pin combination as
well. My question is in what scenarios we should use username/password,
and in what scenarios we should use username/pin when we design the
authentication method? My observation is that pin usually is numeric
only, but password can contain both letters and numbers.

Please advice and discuss.

Thanks,
Raymond

Re: password versus pin in application authentication

Raymond wrote:

> In an application authentication, it is very common to see many
> applications use username/password combination for authentication
> access. However, some applications use username/pin combination as
> well. My question is in what scenarios we should use username/password,
> and in what scenarios we should use username/pin when we design the
> authentication method? My observation is that pin usually is numeric
> only, but password can contain both letters and numbers.
>
> Please advice and discuss.
>
> Thanks,
> Raymond


....it depends on what the pin is. Sometimes a pin is a keyfob etc...in this
case the pin changes everytime it is used for changed based on time. These
are very secure...especially if they are not tied to a computer (keyfob)...


Imhotep

Re: password versus pin in application authentication

Raymond wrote:
> In an application authentication, it is very common to see many
> applications use username/password combination for authentication
> access. However, some applications use username/pin combination as
> well. My question is in what scenarios we should use username/password,
> and in what scenarios we should use username/pin when we design the
> authentication method? My observation is that pin usually is numeric
> only, but password can contain both letters and numbers.

PIN and Password are the same. Usually, a password is called PIN, if
it's very short (too short to be secure itself), and another provision
offers security. Usually, a PIN may be tried only a very limited time,
and afterwards an authentication system has a fallback to a more secure
password, so the PIN cannot be computed using brute force.

PINs are only for user's convenience.

Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain

Re: password versus pin in application authentication

"Raymond" writes:

>In an application authentication, it is very common to see many
>applications use username/password combination for authentication
>access. However, some applications use username/pin combination as
>well. My question is in what scenarios we should use username/password,
>and in what scenarios we should use username/pin when we design the
>authentication method? My observation is that pin usually is numeric
>only, but password can contain both letters and numbers.

A pin (Personal Identification Number) is just a short numeric password.



>Please advice and discuss.

>Thanks,
>Raymond