Curious if this could be a good alternative to passwords. On a website, user can
Question
Curious if this could be a good alternative to passwords. On a website, a user can choose to use a PIN instead of a password. If she does elect to do this (given the option), from then on her account asks for the PIN only, via a Javascript pop-up.
For users who don't like enabling Javascript, it could be good to have a password as normal.
A pop-up may also be good since it is more difficult to keylog if we present the user with on-screen numbers (like in LastPass, or on the iPhone). We could even do dragging like on Android.
Do you think this is a good idea, to offer both? Is there anything you would improve or change about the idea?
Explanation / Answer
I don't think this is a great idea, especially as an alternative to a password (rather than in addition to a password):
A 4-digit PIN by itself could be brute-forced in ~100 days even if you had a 15-minute lockout for incorrect attempts.
Entering 4 digits with your mouse on a screen is probably slower for most people than typing their password on their keyboard (which they're used to doing).
People are very likely to use some permutation of their year of birth or postcode as their PIN.
To make this secure a user would still have to log in normally from each machine, which sets a long-expiry cookie; then each time the user returns to the site they must enter a PIN, which sets a shorter cookie. This is really only protecting them from someone else using their computer while the user is still logged in via a long-term cookie.
Depending on your goals I suggest the following:
If your goal is stronger authentication, then I suggest using multi-factor authentication.
If your goal is to make it easier for users to log in but you don't want to use a longer cookie, then remember their username but not their password (users can type their password pretty quickly).
If your goal is to prevent other people snooping on a user's computer, then this is better addressed on the user end by logging out when they leave their machine.
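The brute-force arithmetic in the answer above, worked through as an added example (this is not code from the original post). It models online guessing against an account that locks for a fixed period after each wrong attempt, and shows why a PIN space that takes ~100 days to exhaust falls in hours when the attacker guesses years of birth first. The candidate-PIN list and the sample PINs are constructed assumptions, not data from the page.

```python
"""
Online-guessing cost of a short numeric PIN under a per-account lockout.

Added example, not part of the original question or answer. The guess list in
likely_pins() is a constructed assumption about common PIN choices; the
numbers the functions return follow only from the parameters you pass.
"""
from datetime import date
from typing import List, Optional

MINUTES_PER_DAY = 24 * 60


def worst_case_days(pin_digits: int, lockout_minutes: float,
                    free_attempts: int = 1) -> float:
    """Days needed to try every PIN when every block of `free_attempts`
    wrong guesses costs the attacker `lockout_minutes` of waiting.

    pin_digits=4, lockout_minutes=15, free_attempts=1 gives the answer's
    figure: 10_000 guesses x 15 min = 150_000 min, about 104 days.
    """
    space = 10 ** pin_digits
    lockout_windows = -(-space // free_attempts)      # ceiling division
    return lockout_windows * lockout_minutes / MINUTES_PER_DAY


def likely_pins(pin_digits: int = 4,
                current_year: Optional[int] = None) -> List[str]:
    """Constructed, prioritized guess list: years of birth for adult users
    (most recent first), then repeated digits, then keypad patterns."""
    year = current_year if current_year is not None else date.today().year
    candidates: List[str] = []
    for y in range(year - 18, year - 90, -1):          # ages 18..89
        candidates.append(f"{y:0{pin_digits}d}"[-pin_digits:])
    for d in "0123456789":                             # 0000, 1111, ...
        candidates.append(d * pin_digits)
    candidates += ["1234", "4321", "2580", "0852", "1212", "6969"]

    seen, ordered = set(), []                          # de-duplicate, keep order
    for c in candidates:
        if len(c) == pin_digits and c not in seen:
            seen.add(c)
            ordered.append(c)
    return ordered


def guesses_until_hit(pin: str, guess_list: List[str],
                      pin_digits: int = 4) -> int:
    """Guesses a prioritized attacker spends before the PIN is accepted.
    PINs missing from the list are found by exhausting the rest in order."""
    if pin in guess_list:
        return guess_list.index(pin) + 1
    tried = set(guess_list)
    remaining = [f"{n:0{pin_digits}d}" for n in range(10 ** pin_digits)
                 if f"{n:0{pin_digits}d}" not in tried]
    return len(guess_list) + remaining.index(pin) + 1


def days_to_hit(pin: str, lockout_minutes: float, guess_list: List[str],
                pin_digits: int = 4) -> float:
    """Wall-clock days to reach `pin` when each guess costs one lockout."""
    n = guesses_until_hit(pin, guess_list, pin_digits)
    return n * lockout_minutes / MINUTES_PER_DAY


if __name__ == "__main__":
    guesses = likely_pins(4, current_year=2024)
    print(f"exhaustive 4-digit, 15 min lockout: {worst_case_days(4, 15):.1f} days")
    print(f"same with 5 free attempts per window: {worst_case_days(4, 15, 5):.1f} days")
    print(f"exhaustive 6-digit, 15 min lockout: {worst_case_days(6, 15):.0f} days")
    for sample in ("1985", "0000", "7391"):          # constructed sample PINs
        d = days_to_hit(sample, 15, guesses)
        print(f"PIN {sample}: hit after {guesses_until_hit(sample, guesses)} "
              f"guesses, about {d * 24:.1f} hours")
```

Exhausting the space is the attacker's worst case; the year-of-birth PIN falls in a few hours because it sits near the top of the guess order, which is the answer's third point. Adding digits or tightening the lockout scales the first function but does nothing for a PIN that is near the front of a predictable list, which is why the answer steers toward multi-factor authentication rather than a longer PIN.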