« Is the NSF Hiding Something? Why Won't the NSF Let the Wayback Machine Archive its Web Page? | Main | Answering a few questions about DOPA and libraries »


As to Mary's reasonable uncertainty of the accuracy of my assertion, which was that a public library system is capable of ten-character PIN passwords while attempting to restrict each user PIN to four numeric characters, I should offer the means of proving the assertion.

You may go to www.cobbcat.org . Click on My Account. Under "Detailed Information About:", click on USER PIN CHANGE. The instructions state that the new PIN is to be "no longer than 10 characters."

The Customer Service phone number for the library system is 770/528-2326. The library system's PIN preference may be learned there. It is not necessary to announce from where one is calling, of course

If the moderator deems that the phone number I gave should be edited out, that may be done. If there is a policy against editing comments by permission, the moderator may allow the comment unedited or not at all.

Library professionals can say better than I how widespread is password-setting conduct such as I've briefly described.

While a 4-digit pin is weak, there's nothing strong about a 6-8 character password. For the latter, people tend to use actual words, which are then easy to break using the "brute force" method of a dictionary of terms. If people chose 6-8 random numbers and letters, then 8 would be much more secure than 4. Yet we know that generally the human mind can handle 5-7 individual items in memory (numbers, letters) at most. We need mnemonics for our memory to work, and that's the weakness of passwords. If we can remember it, someone else can break it.

The comments to this entry are closed.