Idiot millennials are saving credit card PINs on their mobile phones • The Register Forums

Monday 18th April 2016 12:33 GMT h4rm0ny

And pre-Millienials were tech savants?

Can we ditch honing in on "Millenials"? I'm sick of every bandwagon news site suddenly starting to throw the word around every other article as if it has some actual significance. If anything, I would have thought "Millenials" probably have a higher average IT knowledge than older generations.

Maybe they just don't care because there aren't any well-paying jobs and there's nothing IN their bank-accounts except ten grand of student debt, did you think of that?

Grumpy icon for grumpy post ----------->

EDIT: And yes, I read the article. If they're five percentage points higher than the previous generation likely to store the numbers in their phone, I suspect that's more to do with smartphone ownership and use of online banking than tech expertise.

47 8 Reply
1. Monday 18th April 2016 12:41 GMT Anonymous Coward
  
  Re: And pre-Millienials were tech savants?
  
  Millienials stupidly store their pins in their phones.
  
  Pre-Millienials stupidly store their pins on a post-it note stuck to their monitor.
  
  46 3 Reply
  1. Monday 18th April 2016 13:08 GMT SolidSquid
    
    Re: And pre-Millienials were tech savants?
    
    or stuck to the back of their ID, or on a piece of paper in their wallet, or on a sticker on the back of their phone. There's a lot of dumb ways to store passwords, on a pin locked device isn't necessarily the worst of them
    
    18 1 Reply
    1. Tuesday 19th April 2016 00:44 GMT Vic
      
      Re: And pre-Millienials were tech savants?
      
      or on a piece of paper in their wallet
      
      I've done the PIN-on-paper-in-the-wallet thing, alongside my bank card.
      
      Not *my* PIN[1], mind...
      
      Vic.
      
      [1] Although it's unlikely to work, I rather hope that anyone who steals my wallet might try that PIN enough times to get the card swallowed :-)
      
      8 0 Reply
    2. Tuesday 19th April 2016 09:39 GMT Drape1941
      
      Re: And pre-Millienials were tech savants?
      
      In a world where every trivial or non-trivial website demands a password that is changed regularly please advise as to a safe, secure and practical way to save passwords that can be used on a variety of electronic devices in a variety of situations. It is the outdated password system that is at fault not idiot millenials that are at fault. I am 75 years old, am I a millienial?
      
      6 0 Reply
    3. Wednesday 20th April 2016 09:09 GMT PeteA
      
      Re: And pre-Millienials were tech savants?
      
      But if your PIN's are stored on a PIN-locked device, then how do you unlock the device?
      
      0 0 Reply
  2. Monday 18th April 2016 13:29 GMT magickmark
    
    Re: And pre-Millienials were tech savants?
    
    </sarc>
    
    I'm a "pre-millenial", an old duffer in my 50's using tec for 30+ years, and its amazing how many times I've lost my monitor and post-it-notes stuck to them from my back pocket when I've been out.
    
    </sarc>
    
    28 1 Reply
    1. Tuesday 19th April 2016 04:35 GMT Anonymous Coward
      
      Re: And pre-Millienials were tech savants?
      
      I found one of them!
      
      Send me a telegram and I will arrange for a man in a dust jacket to deliver it to you.
      
      Make sure you have the correct form: https://youtu.be/NWqJECZelhQ
      
      0 0 Reply
  3. Monday 18th April 2016 16:29 GMT Terry 6
    
    Re: And pre-Millienials were tech savants?
    
    massivleySerial You are SO wrong. We store our pins on post-its on the back of the credit card, because no one would look there.
    
    7 0 Reply
    1. Monday 18th April 2016 18:27 GMT e^iÏ+1=0
      
      Re: And pre-Millienials were tech savants?
      
      "pins on post-its on the back of the credit card"
      
      That just doesn't work - post-its fall off.
      
      Haven't you heard of marker pens?
      
      6 0 Reply
  4. Tuesday 19th April 2016 13:30 GMT Anonymous Coward
    
    Re: And pre-Millienials were tech savants?
    
    Or, if you find like I did, 'pre-millenials' write usernames and passwords on monitor bezels (back in CRT days) 'just in case someone needs to get in'.
    
    0 0 Reply
  5. Tuesday 19th April 2016 20:37 GMT PacketPusher
    
    Re: And pre-Millienials were tech savants?
    
    My mother was born in 1929 and never touched a computer until she was in her 70s, but she was no dummy when it came to security. She wrote her ATM PIN, the only PIN she had, as a phone number in her address book. If someone stole her purse, they would have the PIN, but it probably would not be recognized as such.
    
    1 0 Reply
2. Monday 18th April 2016 12:47 GMT Yet Another Anonymous coward
  
  Re: And pre-Millienials were tech savants?
  
  Solution to stories about millenials
  
  10 0 Reply
3. Monday 18th April 2016 12:49 GMT Sir Sham Cad
  
  Re: And pre-Millienials were tech savants?
  
  I think the main issue here is that this generation always had this technology around them. They're comfortable with it and generally trust it. It's not that they're not tech-savvy they're just tech-complacent.
  
  If the phone/tablet etc... has a password/lock that encrypts the data then that's still a lot better than the post-it-note-in-the-wallet scenario. It's still a bad thing to do but it's less worse than the low tech version.
  
  Also:
  
  "ten grand of student debt"
  
  First year students only then?
  
  18 2 Reply
4. Monday 18th April 2016 13:04 GMT phuzz
  
  Re: And pre-Millienials were tech savants?
  
  I was born in the early 80's and apparently I'm classed as a millennial, so really this article (seeing as it was singling out people ten years younger than me) could have replaced the word 'millennial' with 'young people' and rounded it out with quick anecdote about how the youth have no respect these days, don't know the meaning of hard work and should get off the author's lawn.
  
  (I have memorised my PIN, but I do use a password manager on my phone to remember alarm codes etc.)
  
  12 1 Reply
  1. Monday 18th April 2016 15:34 GMT Jeffrey Nonken
    
    Re: And pre-Millienials were tech savants?
    
    "(I have memorised my PIN, but I do use a password manager on my phone to remember alarm codes etc.)"
    
    Keepass here, though I don't think I qualify as a millennial, seeing as how I'm actually a 'boomer.
    
    3 0 Reply
    1. Tuesday 19th April 2016 10:31 GMT Darren Sandford
      
      Re: And pre-Millienials were tech savants?
      
      Keepass, synchronised through my own Owncloud server across all my devices, with a separate key file (not synchronised, I transfer that manually) and password combined.
      
      3 0 Reply
  2. Monday 18th April 2016 18:47 GMT Anonymous Coward
    
    I was born in the early 80's
    
    Awww - who's a cute little puppy!?
    
    0 0 Reply
    1. Monday 18th April 2016 19:22 GMT werdsmith
      
      Re: I was born in the early 80's
      
      Well obviously being a bit older than a millenial, I write my card pin codes on the signature strip on the back of the card. That's what the strip is for isn't it? After all the CVV number is printed there for all to see.
      
      And passwords, well I just use Pa55w0rd for everything, because nobody would guess that and anyway, how hard would it be to find out my mother's maiden name and the name of my first school?
      
      Actually I don't remember passwords, there are just too many different online accounts needing a different password that it becomes ridiculous. Instead I just remember one complex formula which constructs a unique password from context.
      
      Alternatively I could just remember the password for my email and use the forgotten password reset link every time for everything else.
      
      Or not do anything important online.
      
      6 0 Reply
5. Monday 18th April 2016 13:05 GMT Naselus
  
  Re: And pre-Millienials were tech savants?
  
  Well, it's all a matter of how you choose to spin it, isn't it? This article runs with '21 percent of millenials store PINs on mobile devices', but one could just as easily run the exact same story as 'only 16 percent of baby boomers have discovered the memo function on their mobile device'... which is pretty much the main reason my mother doesn't keep her PINs on her phone. I dread the day she actually looks under the 'all apps' menu.
  
  9 1 Reply
Monday 18th April 2016 12:35 GMT The Mole

Surely it depends on how the PINs are stored? If they are in an appropriately secure password vault its no worse than storing other types of password and pretty secure. Similarly if the PINS are sufficiently steganographically hidden (inside a fake contact phone number perhaps) then as long as it isn't obvious the odds of an attacker knowing it is there and guessing the right set of numbers before the card is blocked is pretty secure (I'd be more worried about them resetting your paypal password through access to your email account).

There is also the question of which is better - 1 pin for all n cards you have, or a pin for each card but that leads to issues with remembering them all so you have to record them securely in your phone.

34 0 Reply
1. Monday 18th April 2016 12:50 GMT Anonymous Coward
  
  I'd second this.
  
  Yes, I have some details stored, under GnuPG-protected files with a 4096-bit RSA key. Never kept persistently in cleartext. Ever.
  
  The machines where I keep those passwords run self-built versions of Gentoo. I've been doing my own stage builds for about 5 years now using the same scripts I used to maintain official stage builds for their MIPS port. Sufficiently long enough to have "bread out" most backdoors by now.
  
  My phone however has none of the above. It is considered "untrusted" as it runs a dated version of Android for which I do not have the source code, thus only gets the bare essentials in terms of passwords. I'll never use GnuPG or OpenSSH on it with my regular keys, and will not use it for storing confidential information.
  
  As it happens, I have just one debit card, issued by the post office. It rarely gets used. I draw money out of the bank by visiting the branch in person and using a passbook: same way I've done for almost 21 years now.
  
  I'm not sure what age group classify as "millennials", I'd be in the 30-35 age bracket.
  
  4 6 Reply
  1. Monday 18th April 2016 14:17 GMT Steve K
    
    "bread out" most backdoors by now"
    
    Luckily for you or you'd be toast
    
    12 0 Reply
    1. Monday 18th April 2016 18:42 GMT Anonymous Coward
      
      Yep, perhaps. Hey, it's how I make my dough alright?!
      
      4 0 Reply
2. Monday 18th April 2016 14:04 GMT Anonymous Coward
  
  bin doing that for decades
  
  Since my first mobile phone (The Nokia Orange), I have kept any new PINs as part of a faked up phone book entry.
  
  These days it is easier, as most banks let you change the pin to something you can remember, but you still need to remember the one they set until you can reach that elusive Branch ATM.
  
  4 0 Reply
3. Tuesday 19th April 2016 11:08 GMT Alan Edwards
  
  Agreed, you need to know what they were actually asked before drawing conclusions, You need to know whether the PINs/passwords were encrypted, or plain text backed up to iCloud.
  
  0 0 Reply
Monday 18th April 2016 12:36 GMT Bumpy Cat

PINs?!

I can understand someone not tech-savvy storing passwords on their mobile - it's another version of the post-it in the wallet. But surely people can remember a four-digit PIN?

6 5 Reply
1. Monday 18th April 2016 12:50 GMT Chloe Cresswell
  
  Re: PINs?!
  
  I can't. But I don't have chip and pin cards for exactly that reason.
  
  0 1 Reply
2. Monday 18th April 2016 12:51 GMT Anonymous Coward
  
  Re: PINs?!
  
  Personal account pin, joint account pin, credit card pin, corporate card pin, some of which are only used in a blue moon. Its not hard to see why this would happen.
  
  19 1 Reply
3. Monday 18th April 2016 12:52 GMT Alien8n
  
  Re: PINs?!
  
  I can remember PINs for my debit card, the wife's debit card, and my phone. I don't use the credit cards anywhere near often enough in order to remember the PINs for them.
  
  6 1 Reply
  1. Monday 18th April 2016 13:52 GMT AndrueC
    
    Re: PINs?!
    
    I couldn't remember the code to get into my office building this morning. Well that's not quite true. I knew all the digits but couldn't work out the correct order.
    
    It rather put me in mind of the classic Morecambe & Wise sketch.(*)
    
    Given that I've been using it twice almost every weekday for the last fourteen months that's a bit bizarre. I have a very good memory for numbers normally and once memorised PI to 150 decimal places (printed on page 57 of SMP Maths book G).
    
    (*)Which for some reason is blocked on my work connection because I'm in the wrong country. Apparently Banbury is no longer part of the UK. Oh well :)
    
    3 0 Reply
    1. Monday 18th April 2016 18:18 GMT Stuart Castle
      
      Re: PINs?!
      
      "Given that I've been using it twice almost every weekday for the last fourteen months that's a bit bizarre. I have a very good memory for numbers normally and once memorised PI to 150 decimal places (printed on page 57 of SMP Maths book G)."
      
      Perhaps not as bizarre as you'd think. A few years back, I phoned one of my friends nearly every day. I had memorised the number, so didn't write or type it anywhere. Then, one day, I realised I couldn't remember the number. I realised I was actually dialling it automatically, and didn't have a clue what the number was.
      
      I don't have a great memory for numbers (I tend to find it easy to remember those I use frequently, but have to look up others). I do store passwords on my phone (but not pins), but only using apps that encrypt them.
      
      6 0 Reply
      1. Monday 18th April 2016 20:16 GMT Captain Badmouth
        
        Re: PINs?!
        
        "Then, one day, I realised I couldn't remember the number. I realised I was actually dialling it automatically, and didn't have a clue what the number was."
        
        Similar to my method, I remember the no. as a rhythm with the no. split up into blocks.
        
        This is often how I seem to construct my passwords, they're rhythmic when I type them out.
        
        No musical logo, so I'll settle for a pint.
        
        5 0 Reply
        
        Tuesday 19th April 2016 11:37 GMT Alien8n
        
        Re: PINs?!
        
        @Captain Badmouth
        
        There was an article not that long ago that suggested the best way to remember a password was to use song lyrics.
        
        So if you really liked Iron Maiden you could pick a verse from a song and transpose that into a password like this:
        
        "Bring your daughter, bring your daughter, to the slaughter"
        
        Becomes "BYDBYDTTS"
        
        Then you add some variable capitalisation:
        
        "ByDbYdTtS"
        
        Followed by some number replacement:
        
        "ByD8YdTt5"
        
        And then add some symbols:
        
        "ByD8YdTt5?"
        
        Hey presto, instant random password that's easy to remember.
        
        1 0 Reply
        
        Wednesday 20th April 2016 03:09 GMT Yet Another Anonymous coward
        
        Re: PINs?!
        
        Except you can't remember which B you replaced and one site insists that you have a symbol, while another insists on no symbols and a 3rd won't allow the same letter twice.
        
        And we use GPU hashing engines now so that password is no more difficult to crack than "password5"
        
        2 0 Reply
4. Monday 18th April 2016 13:02 GMT tony72
  
  Re: PINs?!
  
  I have the PIN for a couple of cards stored in my phone. They're unencrypted but somewhat obfuscated, even though I actually have KeePass and a private-cloud-synced password database on the phone, due to sheer laziness. I'm definitely not a "millennial", by the way.
  
  I can remember the PIN for my personal debit card that I use daily, but for example it's probably more than a year since I last used my work card for anything other than an online transaction, so no, I'm not likely to remember the PIN for it.
  
  I don't really it as a big issue anyway; AFAIK most card fraud does not involve using the PIN, since it's mostly online activity. For this to be an issue, you'd need to physically steal or clone the card, as well as stealing and gaining access to the phone to extract the pin, and then present the stolen card and use the stolen PIN in person, which leaves you much more likely to be traced and caught than if you just used the card and CSC for a little cross-border online fraud.
  
  8 0 Reply
  1. Monday 18th April 2016 19:09 GMT e^iÏ+1=0
    
    Re: PINs?!
    
    "most card fraud does not involve using the PIN"
    
    I'm sure I read somewhere that criminals occasionally use the PIN together with a card in an ATM to get cash out.
    
    4 1 Reply
  2. Monday 18th April 2016 20:46 GMT P. Lee
    
    Re: PINs?!
    
    >They're unencrypted but somewhat obfuscated
    
    It's the easiest way. Create an addressbook entry with a name you'll remember and have the pin as part of the telephone number.
    
    If you're using a phone with lots of apps, your security and privacy is probably already shot and bleeding out. Keep a couple of related pins for important stuff (things that spend your cash), some for identity-important things, and keep your email secure. Most of the rest is unimportant.
    
    Really, if someone nicks your facebook account, you can email or call your real friends to let them know. You didn't do something dumb like single-sign-on with facebook did you?
    
    1 0 Reply
5. Monday 18th April 2016 20:55 GMT Mark 85
  
  Re: PINs?!
  
  Wait awhile until you get to the point where you walk into a room and forget why you walked in.
  
  5 0 Reply
6. Tuesday 19th April 2016 08:17 GMT Nigel 11
  
  Re: PINs?!
  
  But surely people can remember a four-digit PIN?
  
  Remember a different one for each card? Not quite so easy now.
  
  Here's how. Memorize a two-digit number that you never ever explicitly write down or store. Memorize the positions of two digits out of the 16-digit card number. When you want to use any card you recall your two digit number and read the other two digits from their memorized places on the card. Combine them in the way your remember. Different PIN for each card, and easy to remember.
  
  Human brains remember procedures much better than random four-character strings. And it's the same procedure for all your cards, so practice makes perfect.
  
  5 0 Reply
Monday 18th April 2016 12:37 GMT Anonymous Coward

Phones make you stupid

It's the only explanation.

(Other than phones have exposed people's stupidity to the media and a much wider platform)

2 4 Reply
1. Monday 18th April 2016 13:20 GMT Anonymous Coward
  
  @AC - Re: Phones make you stupid
  
  Only intelligent phones are making you stupid.
  
  2 0 Reply
2. Tuesday 19th April 2016 08:28 GMT Queasy Rider
  
  Re: Phones make you stupid
  
  Speed dials and contact lists don't help either.
  
  2 0 Reply
Monday 18th April 2016 12:42 GMT John Latham

PIN numbers?

Really?

19 0 Reply
1. Monday 18th April 2016 14:46 GMT Little Mouse
  
  Re: PIN numbers?
  
  I feel your pain.
  
  No-one ever seems to use the correct term - "PIN number number" - anymore.
  
  13 0 Reply
  1. Monday 18th April 2016 15:55 GMT Anonymous Coward
    
    Re: No-one ever seems to use the correct term - "PIN number number" - anymore.
    
    But the problem with the alternative oldfangled PI Number is that it´s too easy to guess. Although somewhat tedious to type in...
    
    8 0 Reply
    1. Wednesday 20th April 2016 03:11 GMT Yet Another Anonymous coward
      
      Re: No-one ever seems to use the correct term - "PIN number number" - anymore.
      
      >Although somewhat tedious to type in...
      
      I just use the last 4 digits
      
      2 0 Reply
  2. Tuesday 19th April 2016 08:36 GMT Nigel 11
    
    Re: PIN numbers?
    
    Can't remember my Personal Identification Number numbers.
    
    This makes perfect sense to me. There are four of them in a PIN. Or sometimes six. Occasionally eight.
    
    0 0 Reply
Monday 18th April 2016 12:42 GMT fridaynightsmoke

Stooopid milleniuls

Keeping PINs on a (probably) password-protected and encrypted device like that, those idiots.

16 0 Reply
1. Monday 18th April 2016 12:55 GMT Gordon 10
  
  Re: Stooopid milleniuls
  
  Indeed without some stats on how many lost and stolen phones actually go on to have their bank accounts etc. compromised its rather a worthless survey. As per usual its just marketing fluff.
  
  I'm willing to wager that the vast majority of lost/stolen devices DO NOT have any personal information used/abused on them. Coz the immediate value of phone + the chances of getting nicked with a stolen phone isfar lower risk than using the contents of said phone for online fraud.
  
  10 0 Reply