What is the best way to protect a 4 digit password?

Tags:
Cryptography
Password Protection
I've read that hackers can hit all 10,000 possible variations of a 4-digit PIN code within 5 minutes. Is this true? If so, what is the best way to secure the password - hashing, salting, bcrypt, or something else?

Discuss This Question: 2  Replies

 
  • TomLiotta

    A four-digit password could be broken in closer to five seconds than to five minutes. But it normally shouldn't be a problem. (I assume that you're actually asking about a PIN rather than a "password".)

    In general, the protection would be by making any PIN storage location inaccessible to hackers and also by limiting the number of allowed attempts to, say, three failures. Protections are combined with proper monitoring of actions such as failed attempts. If only three tries are possible before the account is locked and requires a new PIN assignment, it's not very relevant how fast new combinations can be tried.

    Tom

  • Kevin Beaver
    What system is this for? Windows, web applications, iOS, etc.? You can't just "crack" any password in seconds... it depends on the platform, what type of access you have (i.e. logged into the domain, logged out of the workstation, physical, etc.). If you're talking about mobile devices, especially iOS-based passwords, but even Windows passwords as well, those are super simple to reset using tools from Elcomsoft (www.elcomsoft.com). Web passwords/PINs can be cracked easily using commercial and free tools but it depends on whether or not intruder lockout is enabled... and it's not on my applications I test.

    More info here:
    http://searchenterprisedesktop.techtarget.com/feature/Chapter-excerpt-Defending-the-enterprise-from-password-hacking

    and here:
    http://www.acunetix.com/blog/web-security-zone/why-intruder-lockout/
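A sketch of the controls discussed in the replies above (a three-failure lockout that needs a new PIN assignment to clear, plus a record of failed attempts for monitoring), added here as an example and not part of the original thread. `PinStore`, `sweep`, the audit list and the PBKDF2 parameters are assumptions; PBKDF2 from Python's standard library stands in for a slow hash such as bcrypt.

```python
import hashlib, hmac, os, time

MAX_FAILURES = 3        # lockout threshold suggested in the reply above
ITERATIONS = 100_000    # PBKDF2 work factor (assumed value for this sketch)

class PinStore:
    """In-memory stand-in for a server-side PIN table (constructed for this example)."""

    def __init__(self):
        self.accounts = {}  # user -> salt, hash, failure count, lock flag
        self.audit = []     # (timestamp, user, event) records for monitoring

    def _hash(self, pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)

    def _log(self, user, event):
        self.audit.append((time.time(), user, event))

    def set_pin(self, user, pin):
        # Assigning a new PIN is the only way to clear a lock.
        salt = os.urandom(16)
        self.accounts[user] = {"salt": salt, "hash": self._hash(pin, salt),
                               "failures": 0, "locked": False}
        self._log(user, "pin_set")

    def verify(self, user, pin):
        acct = self.accounts.get(user)
        if acct is None or acct["locked"]:
            # A locked account refuses every PIN, including the correct one.
            self._log(user, "rejected_without_check")
            return "locked" if acct else "denied"
        if hmac.compare_digest(self._hash(pin, acct["salt"]), acct["hash"]):
            acct["failures"] = 0
            self._log(user, "success")
            return "ok"
        acct["failures"] += 1
        acct["locked"] = acct["failures"] >= MAX_FAILURES
        self._log(user, "locked" if acct["locked"] else "failure")
        return "locked" if acct["locked"] else "denied"

def sweep(store, user):
    """Try 0000..9999 in order; return (guesses submitted, final status)."""
    for n in range(10_000):
        status = store.verify(user, f"{n:04d}")
        if status != "denied":
            return n + 1, status
    return 10_000, "denied"
```

The salted slow hash only matters if the stored table leaks, since a 10,000-value space is small for any hash; the failure counter is what bounds online guessing, and the audit records are what monitoring would alert on.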
