Published in ·
--
PIN, also known as the Personal Identification Number, is utilized on many occasions, in order to authenticate whether you are really you. Even with TREZOR, one of the first things you will set up is a PIN. But how can you be sure that the sequence of numbers you have selected is strong enough? What to be aware of and what to avoid when choosing a PIN for your TREZOR? Let’s have a look at it!
TREZOR’s PIN entry is a powerful tool to keep your device safe against unauthorized access. If your TREZOR is stolen, the only thing between the thief and your bitcoins is your PIN (or your PIN and a passphrase). Choosing a good PIN is therefore really important.
An analysis in 2012 showed that 11% of PINs used were 1234. Do not use the PIN 1234 to secure your TREZOR.
TREZOR protects your privacy by integrating a shuffled PIN pad, so that when you enter your PIN, no one will know which numbers are you actually pressing. Simply said, the PIN pad is composed of buttons without value. What numbers these buttons correspond to is shown on the display of your TREZOR. This is a very efficient protection against keyloggers or spying eyes.
Now, with this in mind, there is a certain strategy you can go about to create your own PIN.
1. Do Not Repeat Numbers
If you repeat numbers, you are just extending the length of the PIN without actually increasing its complexity. While the attacker wouldn’t know which number you pressed, he/she would know that you have pressed one concrete button twice.
2. Do Not Use a Sequence
Sequences like 1234 or 5678 are easy to guess and they are usually the first combinations to be tested. On the other hand, it is okay to use a sequence in combination with other numbers, such as 345927. With TREZOR’s shuffled PIN pad, an attacker will not know that there was a sequence in the PIN.
3. Use as Many Numbers as Possible
While 4-digit PIN is a banking standard, we all know by now that not everything that banks do is actually secure. By using a long PIN, you are increasing the number of combinations possible, therefore making brute-forcing more difficult. There are 9 different numbers on the PIN pad, so the most secure PIN would consist of 9 different numbers, in a random, non-sequential order.
Hint!
The numbers displayed on the TREZOR’s screen when you are setting a new PIN are in a random order. You can use them as the basis for your PIN, if you don’t have any better ideas. For example, you can memorize the numbers of the first two rows of the shuffled PIN pad displayed on your TREZOR, and use these 6 numbers as your PIN.
Even if someone were to get to your TREZOR, you will have enough time to move out your funds. Brute-forcing the PIN is very difficult, because TREZOR exponentially increments a countdown timer on every wrong PIN entry.
Each time you enter a wrong PIN, the wait time increases by a power of 2. After the first few failures, you have to wait several seconds before you’ll be able to try another PIN. Even just trying the top 20 PINs would take about 6 days (150 hours). Trying 30 PINs would take around 17 years. Trying 100 random PINs would take a VERY LONG time.
Learned something new? Let us know on Twitter, use “@BitcoinTrezor” with the hashtag #PINsecurity.
And don’t forget to answer our poll here:
TREZOR is the most trusted and ubiquitous bitcoin hardware wallet in the world. It offers an unmatched security for cryptocurrencies, password management, Second Factor, while maintaining an absolute ease-of-use, whether you are a security expert or a brand new user.
SatoshiLabs is the innovator behind some of the most pivotal and influential projects in Bitcoin worldwide, from TREZOR, or CoinMap.org to Slush Pool, the world’s first bitcoin mining pool.
TREZOR Shop: BuyTrezor.com
User Manual: Entering PIN
TREZOR Security Blog: Seed, PIN and Passphrase Explained
FAQ: What happens if my TREZOR gets stolen?
