nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Idiot millennials are saving credit card PINs on their mobile phones

Silver badge
Windows

And pre-Millienials were tech savants?

Can we ditch honing in on "Millenials"? I'm sick of every bandwagon news site suddenly starting to throw the word around every other article as if it has some actual significance. If anything, I would have thought "Millenials" probably have a higher average IT knowledge than older generations.

Maybe they just don't care because there aren't any well-paying jobs and there's nothing IN their bank-accounts except ten grand of student debt, did you think of that?

Grumpy icon for grumpy post ----------->

EDIT: And yes, I read the article. If they're five percentage points higher than the previous generation likely to store the numbers in their phone, I suspect that's more to do with smartphone ownership and use of online banking than tech expertise.

47
8
Anonymous Coward

Re: And pre-Millienials were tech savants?

Millienials stupidly store their pins in their phones.

Pre-Millienials stupidly store their pins on a post-it note stuck to their monitor.

46
3
Silver badge

Re: And pre-Millienials were tech savants?

Solution to stories about millenials

10
0

Re: And pre-Millienials were tech savants?

I think the main issue here is that this generation always had this technology around them. They're comfortable with it and generally trust it. It's not that they're not tech-savvy they're just tech-complacent.

If the phone/tablet etc... has a password/lock that encrypts the data then that's still a lot better than the post-it-note-in-the-wallet scenario. It's still a bad thing to do but it's less worse than the low tech version.

Also:

"ten grand of student debt"

First year students only then?

18
2
Silver badge
Windows

Re: And pre-Millienials were tech savants?

I was born in the early 80's and apparently I'm classed as a millennial, so really this article (seeing as it was singling out people ten years younger than me) could have replaced the word 'millennial' with 'young people' and rounded it out with quick anecdote about how the youth have no respect these days, don't know the meaning of hard work and should get off the author's lawn.

(I have memorised my PIN, but I do use a password manager on my phone to remember alarm codes etc.)

12
1
Silver badge

Re: And pre-Millienials were tech savants?

Well, it's all a matter of how you choose to spin it, isn't it? This article runs with '21 percent of millenials store PINs on mobile devices', but one could just as easily run the exact same story as 'only 16 percent of baby boomers have discovered the memo function on their mobile device'... which is pretty much the main reason my mother doesn't keep her PINs on her phone. I dread the day she actually looks under the 'all apps' menu.

9
1

Re: And pre-Millienials were tech savants?

or stuck to the back of their ID, or on a piece of paper in their wallet, or on a sticker on the back of their phone. There's a lot of dumb ways to store passwords, on a pin locked device isn't necessarily the worst of them

18
1
Facepalm

Re: And pre-Millienials were tech savants?

</sarc>

I'm a "pre-millenial", an old duffer in my 50's using tec for 30+ years, and its amazing how many times I've lost my monitor and post-it-notes stuck to them from my back pocket when I've been out.

</sarc>

28
1
Bronze badge

Re: And pre-Millienials were tech savants?

"(I have memorised my PIN, but I do use a password manager on my phone to remember alarm codes etc.)"

Keepass here, though I don't think I qualify as a millennial, seeing as how I'm actually a 'boomer.

3
0
Silver badge

Re: And pre-Millienials were tech savants?

massivleySerial You are SO wrong. We store our pins on post-its on the back of the credit card, because no one would look there.

7
0

Re: And pre-Millienials were tech savants?

"pins on post-its on the back of the credit card"

That just doesn't work - post-its fall off.

Haven't you heard of marker pens?

6
0
Anonymous Coward

I was born in the early 80's

Awww - who's a cute little puppy!?

0
0
Silver badge

Re: I was born in the early 80's

Well obviously being a bit older than a millenial, I write my card pin codes on the signature strip on the back of the card. That's what the strip is for isn't it? After all the CVV number is printed there for all to see.

And passwords, well I just use Pa55w0rd for everything, because nobody would guess that and anyway, how hard would it be to find out my mother's maiden name and the name of my first school?

Actually I don't remember passwords, there are just too many different online accounts needing a different password that it becomes ridiculous. Instead I just remember one complex formula which constructs a unique password from context.

Alternatively I could just remember the password for my email and use the forgotten password reset link every time for everything else.

Or not do anything important online.

6
0
Vic
Silver badge

Re: And pre-Millienials were tech savants?

or on a piece of paper in their wallet

I've done the PIN-on-paper-in-the-wallet thing, alongside my bank card.

Not *my* PIN[1], mind...

Vic.

[1] Although it's unlikely to work, I rather hope that anyone who steals my wallet might try that PIN enough times to get the card swallowed :-)

8
0
Anonymous Coward

Re: And pre-Millienials were tech savants?

I found one of them!

Send me a telegram and I will arrange for a man in a dust jacket to deliver it to you.

Make sure you have the correct form: https://youtu.be/NWqJECZelhQ

0
0

Re: And pre-Millienials were tech savants?

In a world where every trivial or non-trivial website demands a password that is changed regularly please advise as to a safe, secure and practical way to save passwords that can be used on a variety of electronic devices in a variety of situations. It is the outdated password system that is at fault not idiot millenials that are at fault. I am 75 years old, am I a millienial?

6
0

Re: And pre-Millienials were tech savants?

Keepass, synchronised through my own Owncloud server across all my devices, with a separate key file (not synchronised, I transfer that manually) and password combined.

3
0
Anonymous Coward

Re: And pre-Millienials were tech savants?

Or, if you find like I did, 'pre-millenials' write usernames and passwords on monitor bezels (back in CRT days) 'just in case someone needs to get in'.

0
0
Trollface

Re: And pre-Millienials were tech savants?

My mother was born in 1929 and never touched a computer until she was in her 70s, but she was no dummy when it came to security. She wrote her ATM PIN, the only PIN she had, as a phone number in her address book. If someone stole her purse, they would have the PIN, but it probably would not be recognized as such.

1
0
Trollface

Re: And pre-Millienials were tech savants?

But if your PIN's are stored on a PIN-locked device, then how do you unlock the device?

0
0

Surely it depends on how the PINs are stored? If they are in an appropriately secure password vault its no worse than storing other types of password and pretty secure. Similarly if the PINS are sufficiently steganographically hidden (inside a fake contact phone number perhaps) then as long as it isn't obvious the odds of an attacker knowing it is there and guessing the right set of numbers before the card is blocked is pretty secure (I'd be more worried about them resetting your paypal password through access to your email account).

There is also the question of which is better - 1 pin for all n cards you have, or a pin for each card but that leads to issues with remembering them all so you have to record them securely in your phone.

34
0
Anonymous Coward

I'd second this.

Yes, I have some details stored, under GnuPG-protected files with a 4096-bit RSA key. Never kept persistently in cleartext. Ever.

The machines where I keep those passwords run self-built versions of Gentoo. I've been doing my own stage builds for about 5 years now using the same scripts I used to maintain official stage builds for their MIPS port. Sufficiently long enough to have "bread out" most backdoors by now.

My phone however has none of the above. It is considered "untrusted" as it runs a dated version of Android for which I do not have the source code, thus only gets the bare essentials in terms of passwords. I'll never use GnuPG or OpenSSH on it with my regular keys, and will not use it for storing confidential information.

As it happens, I have just one debit card, issued by the post office. It rarely gets used. I draw money out of the bank by visiting the branch in person and using a passbook: same way I've done for almost 21 years now.

I'm not sure what age group classify as "millennials", I'd be in the 30-35 age bracket.

4
6
Silver badge

bin doing that for decades

Since my first mobile phone (The Nokia Orange), I have kept any new PINs as part of a faked up phone book entry.

These days it is easier, as most banks let you change the pin to something you can remember, but you still need to remember the one they set until you can reach that elusive Branch ATM.

4
0
Bronze badge
Coat

"bread out" most backdoors by now"

Luckily for you or you'd be toast

12
0
Anonymous Coward

Yep, perhaps. Hey, it's how I make my dough alright?!

4
0

Agreed, you need to know what they were actually asked before drawing conclusions, You need to know whether the PINs/passwords were encrypted, or plain text backed up to iCloud.

0
0

PINs?!

I can understand someone not tech-savvy storing passwords on their mobile - it's another version of the post-it in the wallet. But surely people can remember a four-digit PIN?

6
5

Re: PINs?!

I can't. But I don't have chip and pin cards for exactly that reason.

0
1
Anonymous Coward

Re: PINs?!

Personal account pin, joint account pin, credit card pin, corporate card pin, some of which are only used in a blue moon. Its not hard to see why this would happen.

19
1
Silver badge

Re: PINs?!

I can remember PINs for my debit card, the wife's debit card, and my phone. I don't use the credit cards anywhere near often enough in order to remember the PINs for them.

6
1

Re: PINs?!

I have the PIN for a couple of cards stored in my phone. They're unencrypted but somewhat obfuscated, even though I actually have KeePass and a private-cloud-synced password database on the phone, due to sheer laziness. I'm definitely not a "millennial", by the way.

I can remember the PIN for my personal debit card that I use daily, but for example it's probably more than a year since I last used my work card for anything other than an online transaction, so no, I'm not likely to remember the PIN for it.

I don't really it as a big issue anyway; AFAIK most card fraud does not involve using the PIN, since it's mostly online activity. For this to be an issue, you'd need to physically steal or clone the card, as well as stealing and gaining access to the phone to extract the pin, and then present the stolen card and use the stolen PIN in person, which leaves you much more likely to be traced and caught than if you just used the card and CSC for a little cross-border online fraud.

8
0
Silver badge
Happy

Re: PINs?!

I couldn't remember the code to get into my office building this morning. Well that's not quite true. I knew all the digits but couldn't work out the correct order.

It rather put me in mind of the classic Morecambe & Wise sketch.(*)

Given that I've been using it twice almost every weekday for the last fourteen months that's a bit bizarre. I have a very good memory for numbers normally and once memorised PI to 150 decimal places (printed on page 57 of SMP Maths book G).

(*)Which for some reason is blocked on my work connection because I'm in the wrong country. Apparently Banbury is no longer part of the UK. Oh well :)

3
0

Re: PINs?!

"Given that I've been using it twice almost every weekday for the last fourteen months that's a bit bizarre. I have a very good memory for numbers normally and once memorised PI to 150 decimal places (printed on page 57 of SMP Maths book G)."

Perhaps not as bizarre as you'd think. A few years back, I phoned one of my friends nearly every day. I had memorised the number, so didn't write or type it anywhere. Then, one day, I realised I couldn't remember the number. I realised I was actually dialling it automatically, and didn't have a clue what the number was.

I don't have a great memory for numbers (I tend to find it easy to remember those I use frequently, but have to look up others). I do store passwords on my phone (but not pins), but only using apps that encrypt them.

6
0

Re: PINs?!

"most card fraud does not involve using the PIN"

I'm sure I read somewhere that criminals occasionally use the PIN together with a card in an ATM to get cash out.

4
1
Bronze badge
Pint

Re: PINs?!

"Then, one day, I realised I couldn't remember the number. I realised I was actually dialling it automatically, and didn't have a clue what the number was."

Similar to my method, I remember the no. as a rhythm with the no. split up into blocks.

This is often how I seem to construct my passwords, they're rhythmic when I type them out.

No musical logo, so I'll settle for a pint.

5
0
Silver badge
Trollface

Re: PINs?!

>They're unencrypted but somewhat obfuscated

It's the easiest way. Create an addressbook entry with a name you'll remember and have the pin as part of the telephone number.

If you're using a phone with lots of apps, your security and privacy is probably already shot and bleeding out. Keep a couple of related pins for important stuff (things that spend your cash), some for identity-important things, and keep your email secure. Most of the rest is unimportant.

Really, if someone nicks your facebook account, you can email or call your real friends to let them know. You didn't do something dumb like single-sign-on with facebook did you?

1
0
Silver badge

Re: PINs?!

Wait awhile until you get to the point where you walk into a room and forget why you walked in.

5
0

Re: PINs?!

But surely people can remember a four-digit PIN?

Remember a different one for each card? Not quite so easy now.

Here's how. Memorize a two-digit number that you never ever explicitly write down or store. Memorize the positions of two digits out of the 16-digit card number. When you want to use any card you recall your two digit number and read the other two digits from their memorized places on the card. Combine them in the way your remember. Different PIN for each card, and easy to remember.

Human brains remember procedures much better than random four-character strings. And it's the same procedure for all your cards, so practice makes perfect.

5
0
Silver badge

Re: PINs?!

@Captain Badmouth

There was an article not that long ago that suggested the best way to remember a password was to use song lyrics.

So if you really liked Iron Maiden you could pick a verse from a song and transpose that into a password like this:

"Bring your daughter, bring your daughter, to the slaughter"

Becomes "BYDBYDTTS"

Then you add some variable capitalisation:

"ByDbYdTtS"

Followed by some number replacement:

"ByD8YdTt5"

And then add some symbols:

"ByD8YdTt5?"

Hey presto, instant random password that's easy to remember.

1
0
Silver badge

Re: PINs?!

Except you can't remember which B you replaced and one site insists that you have a symbol, while another insists on no symbols and a 3rd won't allow the same letter twice.

And we use GPU hashing engines now so that password is no more difficult to crack than "password5"

2
0
Anonymous Coward

Phones make you stupid

It's the only explanation.

(Other than phones have exposed people's stupidity to the media and a much wider platform)

2
4
Anonymous Coward

@AC - Re: Phones make you stupid

Only intelligent phones are making you stupid.

2
0

Re: Phones make you stupid

Speed dials and contact lists don't help either.

2
0

PIN numbers?

Really?

19
0
Silver badge
Headmaster

Re: PIN numbers?

I feel your pain.

No-one ever seems to use the correct term - "PIN number number" - anymore.

13
0
Anonymous Coward

Re: No-one ever seems to use the correct term - "PIN number number" - anymore.

But the problem with the alternative oldfangled PI Number is that it´s too easy to guess. Although somewhat tedious to type in...

8
0

Re: PIN numbers?

Can't remember my Personal Identification Number numbers.

This makes perfect sense to me. There are four of them in a PIN. Or sometimes six. Occasionally eight.

0
0
Silver badge

Re: No-one ever seems to use the correct term - "PIN number number" - anymore.

>Although somewhat tedious to type in...

I just use the last 4 digits

2
0

Stooopid milleniuls

Keeping PINs on a (probably) password-protected and encrypted device like that, those idiots.

16
0
Thumb Up

Re: Stooopid milleniuls

Indeed without some stats on how many lost and stolen phones actually go on to have their bank accounts etc. compromised its rather a worthless survey. As per usual its just marketing fluff.

I'm willing to wager that the vast majority of lost/stolen devices DO NOT have any personal information used/abused on them. Coz the immediate value of phone + the chances of getting nicked with a stolen phone isfar lower risk than using the contents of said phone for online fraud.

10
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing