Changing PINs of German bank card

Binarus lists at binarus.de
Tue Jul 11 16:29:51 CEST 2017


On 11.07.2017 11:48, Matthias Mansfeld wrote:
> On 11 Jul 2017 at 9:44, Binarus wrote:
> 
>> On 10.07.2017 17:42, Guan Xin wrote:
>>> This is probably a general question --
>>>
>>> I have never seen a German bank that allows changing the PIN of a card.
>>
>> I am not sure if this is an intentional limitation of the cards (to
>> prevent users from choosing idiotic pins like 1234 or their birthday).
> 
> [..]
> At least Sparkasse and HypoVereinsbank and IIRC also Postbank allow 
> changing at the ATM terminal.
> 
> And a birthday isn't as idiotic as 1234 or 1111, as long as you assume a 
> standard pickpocket doesn't know your personal data (OK, your ID-card 
> within the same wallet... maybe no good idea. Then not your own 
> birthday but from a person or your cat you can remember, or better 
> your wedding day, which normally would be forgotten always ;-) 

You are right, but experience tells us (no, not us, but the banks) that
people won't think about it. I have no doubt that people like you and me
would choose a secure pin, but from a bank's point of view, most people
would choose pins like 1234 or their birthday.

It might be only a matter of time until there is the first case of a
bank refusing to compensate a customer because his pin was his birthday.

>> Now, this is a completely different question which does not have to do
>> anything with the pin's length. The answer to this question completely
>> depends on your environment and your intentions. I will explain this by
>> two examples with contrary conclusions:
>>
>> Example 1:
>>
> [...]
>>
>> Example 2:
> [..]
> 
> Example 3
> 
> MY use case would be: I have, let's say two bank accounts at 
> Sparkasse, one at Postbank, one at HypoVereinsbank (possible reason: 
> two business accounts and one private account and one from an 
> inherited account) and I can remember ONE good "random-like" 
> 4-digit-PIN, but would mangle definitely four different PINs (been 
> there, done that...). Then I chose one and the same "good" PIN for 
> all four cards which I don't need to write down anywhere and 
> everything is OK.

This is a good point as long as we are discussing only banking card
pins. My examples were more general (an electronic password safe will
store all sorts of other secrets / web passwords). Since the OP had
asked about banking card pins, I eventually should have restricted my
answers to that.

On the other hand, I can imagine a bunch of cases where somebody would
like to take web passwords (and not only banking card pins) along when
going out (e.g. doing web based email in an internet cafe during
vacation). In such cases, I think there is no reason why the pins
shouldn't be stored in the password safe as well.

Thinking about your use case, I am not sure if I would try to make all
pins the same, given the fact that nowadays skimming is the main problem
(and not stealing and trying to brute-force). I am not sure if banks
will compensate if something very bad happens and all four of your
accounts get emptied when the respective cards have the same pin.
Probably most banks disallow this in their terms of service (AGBs).

After all, you don't use the same password for your eBay, Facebook and
Paypal account, do you (unfair question, because those accounts won't be
disabled after three wrong password entries, but nevertheless ...)?

Regards,

Binarus



More information about the Gnupg-users mailing list