Changing PINs of German bank card

[Binarus]

On 10.07.2017 17:42, Guan Xin wrote:
> This is probably a general question --
> 
> I have never seen a German bank that allows changing the PIN of a card.

I am not sure if this is an intentional limitation of the cards (to
prevent users from choosing idiotic pins like 1234 or their birthday).

> So I wonder if it is because using a fixed (non-changeable) 4-digit PIN
> mailed in clear text really safer than using a 4 to 6 digit variable
> length PIN that never explicitly appears anywhere.

I recently had a talk with one of my banks because they didn't even
allow changing the web password (for access to online banking) to
something being longer than 5 alphanumeric digits (!!!).

Although (in my case) the subject of the talk was the web password, the
following applies to the card pin as well.

- Usually, you are receiving the card's pin by postal mail. It is
consensus here in Germany that postal mail is highly trustworthy and
that the so called "Briefgeheimnis" is obeyed very carefully. The legal
hurdles for opening a letter during transport are still very high.

- Additionally, you are usually receiving the pins in a special envelope
which (AFAIK) makes it very difficult to read the letter's content
without opening it, even by advanced means (X-ray and the like). In many
cases, the pin is even more secured (metal coating).

I (personally) consider receiving pins that way safe.

But the key point in the bank's argumentation was (applies to pins as
well as to my online banking access):

- If somebody tries to brute force the pin (or online banking password),
the access will be permanently denied if there are more than 3 failures
(the exact number may vary). That means that the length of the pin /
password is not as important as one might think, because it is
practically impossible to brute force a 4 digit pin with only 3 tries.

I know that the chance for guessing 4 digits within 3 tries is higher
than guessing 6 digits, but obviously, most banks are considering 4
digits safe enough.

Furthermore, if you are really hacked and lose money because of this,
the bank will compensate your loss provided that you did not behave like
an idiot (i.e. if you did not note the pin on a piece of paper, attached
that piece of paper to your card and then lost both of them). At least,
they did so in all cases I know about, despite of the fact that the
respective customer (of course) could not *prove* at a technical level
how the hacking worked. As long as the customer could demonstrate
credibly that he had not done any very silly mistake, the bank compensated.

Due to all reasons mentioned above, I (personally) think that you should
not be concerned by the length of the pin, the fact that you can't
change it, and the way you receive it.

> If German banks are right, then should I follow their method and store
> the PINs of my OpenPGP cards on a piece of paper?

Now, this is a completely different question which does not have to do
anything with the pin's length. The answer to this question completely
depends on your environment and your intentions. I will explain this by
two examples with contrary conclusions:

Example 1:

You always forget that pin of your EC card. Therefore, you write it down
to a piece of paper and put it into your wallet besides your EC card.

Well, as said above, this obviously would be the most silly thing you
could do. No bank will compensate you if you lose your wallet (with the
card and its pin) and if somebody then steals your money.

So you think about it and come to a better idea. You could store the pin
on your smart phone. This indeed is better - hopefully you won't lose
your smart phone and your banking card at the same time. But there is
still a small chance that you do.

You think again and finally have a good idea. You install a password
safe app on your smart phone which locally stores all pins and passwords
with strong encryption. You operate that app with great discipline: You
choose a long, weird master password which you must enter to open the
password safe where the pin is stored. You open the safe only when
needed, and you close it immediately when done, and you don't let the
app (or OS) cache the master password.

(Note: Of course, you MUST NOT write the master password on a piece of
paper and attach that paper to your smart phone ...)

So, in this example, carrying a piece of paper with you where the pin is
noted is a very bad idea, but carrying that pin with you on your smart
phone is a good idea provided that the pin is stored there in a heavily
encrypted password safe and provided that you operate that safe with
some discipline. You still have to memorize that safe's master password,
but this is a one time thing, and you then could store all other
passwords and pins in that safe.

Example 2:

On your desktop PC, you are using the internet excessively, and you are
afraid that some Trojan horse / keylogger will be able to get on your PC
(given the latest ransomware attacks, this obviously is a real threat
even when you are running an up-to-date virus protection).

In this case, using a password safe software won't protect you. The
Trojan horse / keylogger could be able to intercept all your keystrokes,
including your master password for the password safe. If you don't use a
password safe and just store the passwords in an unencrypted text file
(perhaps because you are the only person who physically has access to
the PC in question), a Trojan horse will be able to read all your
passwords even without intercepting keystrokes.

So, in this case, it obviously would be better to write down your
passwords on a sheet of paper provided you can store that paper in a
place where only you have access to (for example, some secret place in
your private apartment).

>From these examples, it should be clear that there can't be a general
recommendation which fits all cases.

And there is one more very important thing most people don't think of:
What happens if you have an accident or if you die? Your heirs will have
all sorts of troubles if something happens to you and they can't access
your electronic accounts because they don't have the passwords.

So I tend to write down at least my master password on a sheet of paper,
put that in a sealed envelope and give it to a relative who I highly
trust. In case I die, they open the envelope, have the master password
for my password safe and can use that to open the access to all my
accounts. Alternatively, you could have some relative you trust memorize
your master password. But since he won't use it regularly (hopefully),
he probably will forget it after short time ...

Regards,

Binarus