Adam Fields (weblog)

This blog is largely deprecated, but is being preserved here for historical interest. Check out my index page at adamfields.com for more up to date info. My main trade is technology strategy, process/project management, and performance optimization consulting, with a focus on enterprise and open source CMS and related technologies. I write periodic long pieces here, shorter stuff goes on twitter or app.net.

2/7/2005

Something on passwords

Filed under: — adam @ 3:11 pm

Interesting thought piece on whether passwords are useful at all.

http://www.technologyreview.com/articles/05/03/issue/review_password.asp

I’m not convinced either way, but I do have a huge gripe with one assertion. 4-6 digit PINs are not fine for ATMs because they have more diligent security experts watching the gates. They’re fine for ATMs because it’s physically very hard to try more than a few numbers in succession, and because they have physical lockouts if you do, and you’re also on camera just trying random numbers. Oh, and they also know exactly where you are. If you notice, bank websites don’t just let you use your PIN anymore – you need a password that goes with it.

Some online password transaction forms will lock you out if multiple failed attempts are made – I’d be worried if anything that required real security didn’t do this.

Anyway….

