Path: utzoo!utgpu!watmath!clyde!att!pacbell!ames!mailrus!cwjcc!tut.cis.ohio-state.edu!bloom-beacon!athena.mit.edu!jik
From: jik@athena.mit.edu (Jonathan I. Kamens)
Newsgroups: comp.unix.wizards
Subject: Re: random passwords (was Re: Worm...)
Message-ID: <8406@bloom-beacon.MIT.EDU>
Date: 12 Dec 88 06:32:59 GMT
References: <28399@tut.cis.ohio-state.edu> <278@aber-cs.UUCP> <147@minya.UUCP> <5598@polya.Stanford.EDU>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: jik@athena.mit.edu (Jonathan I. Kamens)
Distribution: eunet,world
Organization: Massachusetts Institute of Technology
Lines: 24

In article <5598@polya.Stanford.EDU> waters@polya.Stanford.EDU (Jim Waters) writes:

>Actually, I have a 7 digid "secret number," and I believe that 9 is the limit.
>We go to the bank to choose them, so no one else ever sees the number.

Ay, there's the rub....

My bank (BayBanks Boston) allowed me to choose a 7-digit security code
as well.  However, if you watch really closely when typing the 7-digit
code into a BayBanks machine, the screen will flash momentarily after
the fourth digit is entered.

Well, boys and girls, can you guess what that means?  Yes, that's
right, the BayBanks machine is only listening to the first four
digits!  In fact, if you press the enter key after only the first four
digits, the machine merrily accepts your PIN.

Moral of the story: are you *sure* that all seven digits of your PIN
matter to the machine?

(This really has nothing to do with unix.  Sigh.)

  Jonathan Kamens
  MIT Project Athena