And the penalty for typing in the wrong PIN at an ATM is presumably a lot higher... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		pmjordan on Jan 22, 2010 \| parent \| context \| favorite \| on: Stop restricting my password - Help these sites ge... And the penalty for typing in the wrong PIN at an ATM is presumably a lot higher than providing the wrong PIN on their website, which means the feasibility of a brute force attack (which is what password complexity is all about) is entirely different.

ldite on Jan 22, 2010 [–]

No; 3 incorrect PIN entries on their website locks you out, and you have to get a reset. DoS of other people is made harder by also needing a customer number to login.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact