Idiot millennials are saving credit card PINs on their mobile phones

More than one in five 18-24 year olds (21 per cent) store PINs for credit or debit cards on their smartphones, tablets or laptops, according to research conducted by Equifax in conjunction with Gorkana. In the same survey of 500 people across all ages more than a third of young adults (38 per cent) said they also use their …

  1. h4rm0ny
    Windows

    And pre-Millennials were tech savants?

    Can we ditch honing in on "Millennials"? I'm sick of every bandwagon news site suddenly starting to throw the word around every other article as if it has some actual significance. If anything, I would have thought "Millennials" probably have a higher average IT knowledge than older generations.

    Maybe they just don't care because there aren't any well-paying jobs and there's nothing IN their bank-accounts except ten grand of student debt, did you think of that?

    Grumpy icon for grumpy post ----------->

    EDIT: And yes, I read the article. If they're five percentage points higher than the previous generation likely to store the numbers in their phone, I suspect that's more to do with smartphone ownership and use of online banking than tech expertise.

    1. Anonymous Coward

      Re: And pre-Millennials were tech savants?

      Millennials stupidly store their pins in their phones.

      Pre-Millennials stupidly store their pins on a post-it note stuck to their monitor.

      1. SolidSquid

        Re: And pre-Millennials were tech savants?

        or stuck to the back of their ID, or on a piece of paper in their wallet, or on a sticker on the back of their phone. There's a lot of dumb ways to store passwords, on a pin locked device isn't necessarily the worst of them

        1. Vic

          Re: And pre-Millennials were tech savants?

          or on a piece of paper in their wallet

          I've done the PIN-on-paper-in-the-wallet thing, alongside my bank card.

          Not *my* PIN[1], mind...

          Vic.

          [1] Although it's unlikely to work, I rather hope that anyone who steals my wallet might try that PIN enough times to get the card swallowed :-)

        2. Drape1941

          Re: And pre-Millennials were tech savants?

          In a world where every trivial or non-trivial website demands a password that is changed regularly please advise as to a safe, secure and practical way to save passwords that can be used on a variety of electronic devices in a variety of situations. It is the outdated password system that is at fault not idiot millennials that are at fault. I am 75 years old, am I a millennial?

        3. PeteA
          Trollface

          Re: And pre-Millennials were tech savants?

          But if your PINs are stored on a PIN-locked device, then how do you unlock the device?

      2. magickmark
        Facepalm

        Re: And pre-Millennials were tech savants?

        </sarc>

        I'm a "pre-millennial", an old duffer in my 50's using tech for 30+ years, and it's amazing how many times I've lost my monitor and post-it-notes stuck to them from my back pocket when I've been out.

        </sarc>

        1. Anonymous Coward

          Re: And pre-Millennials were tech savants?

          I found one of them!

          Send me a telegram and I will arrange for a man in a dust jacket to deliver it to you.

          Make sure you have the correct form: https://youtu.be/NWqJECZelhQ

      3. Terry 6 Silver badge

        Re: And pre-Millennials were tech savants?

        massivleySerial You are SO wrong. We store our pins on post-its on the back of the credit card, because no one would look there.

        1. e^iπ+1=0

          Re: And pre-Millennials were tech savants?

          "pins on post-its on the back of the credit card"

          That just doesn't work - post-its fall off.

          Haven't you heard of marker pens?

      4. Anonymous Coward

        Re: And pre-Millennials were tech savants?

        Or, if you find like I did, 'pre-millennials' write usernames and passwords on monitor bezels (back in CRT days) 'just in case someone needs to get in'.

      5. PacketPusher
        Trollface

        Re: And pre-Millennials were tech savants?

        My mother was born in 1929 and never touched a computer until she was in her 70s, but she was no dummy when it came to security. She wrote her ATM PIN, the only PIN she had, as a phone number in her address book. If someone stole her purse, they would have the PIN, but it probably would not be recognized as such.

    2. Yet Another Anonymous coward Silver badge

      Re: And pre-Millennials were tech savants?

      Solution to stories about millennials

    3. Sir Sham Cad

      Re: And pre-Millennials were tech savants?

      I think the main issue here is that this generation always had this technology around them. They're comfortable with it and generally trust it. It's not that they're not tech-savvy they're just tech-complacent.

      If the phone/tablet etc... has a password/lock that encrypts the data then that's still a lot better than the post-it-note-in-the-wallet scenario. It's still a bad thing to do but it's less worse than the low tech version.

      Also:

      "ten grand of student debt"

      First year students only then?

    4. phuzz Silver badge
      Windows

      Re: And pre-Millennials were tech savants?

      I was born in the early 80's and apparently I'm classed as a millennial, so really this article (seeing as it was singling out people ten years younger than me) could have replaced the word 'millennial' with 'young people' and rounded it out with a quick anecdote about how the youth have no respect these days, don't know the meaning of hard work and should get off the author's lawn.

      (I have memorised my PIN, but I do use a password manager on my phone to remember alarm codes etc.)

      1. Jeffrey Nonken

        Re: And pre-Millennials were tech savants?

        "(I have memorised my PIN, but I do use a password manager on my phone to remember alarm codes etc.)"

        Keepass here, though I don't think I qualify as a millennial, seeing as how I'm actually a 'boomer.

        1. Darren Sandford

          Re: And pre-Millennials were tech savants?

          Keepass, synchronised through my own Owncloud server across all my devices, with a separate key file (not synchronised, I transfer that manually) and password combined.

      2. Anonymous Coward

        I was born in the early 80's

        Awww - who's a cute little puppy!?

        1. werdsmith Silver badge

          Re: I was born in the early 80's

          Well obviously being a bit older than a millennial, I write my card pin codes on the signature strip on the back of the card. That's what the strip is for isn't it? After all the CVV number is printed there for all to see.

          And passwords, well I just use Pa55w0rd for everything, because nobody would guess that and anyway, how hard would it be to find out my mother's maiden name and the name of my first school?

          Actually I don't remember passwords, there are just too many different online accounts needing a different password that it becomes ridiculous. Instead I just remember one complex formula which constructs a unique password from context.

          Alternatively I could just remember the password for my email and use the forgotten password reset link every time for everything else.

          Or not do anything important online.

    5. Naselus

      Re: And pre-Millennials were tech savants?

      Well, it's all a matter of how you choose to spin it, isn't it? This article runs with '21 percent of millennials store PINs on mobile devices', but one could just as easily run the exact same story as 'only 16 percent of baby boomers have discovered the memo function on their mobile device'... which is pretty much the main reason my mother doesn't keep her PINs on her phone. I dread the day she actually looks under the 'all apps' menu.

  2. The Mole

    Surely it depends on how the PINs are stored? If they are in an appropriately secure password vault it's no worse than storing other types of password and pretty secure. Similarly if the PINs are sufficiently steganographically hidden (inside a fake contact phone number perhaps) then as long as it isn't obvious the odds of an attacker knowing it is there and guessing the right set of numbers before the card is blocked is pretty secure (I'd be more worried about them resetting your PayPal password through access to your email account).

    There is also the question of which is better - 1 pin for all n cards you have, or a pin for each card but that leads to issues with remembering them all so you have to record them securely in your phone.

    1. Anonymous Coward

      I'd second this.

      Yes, I have some details stored, under GnuPG-protected files with a 4096-bit RSA key. Never kept persistently in cleartext. Ever.

      The machines where I keep those passwords run self-built versions of Gentoo. I've been doing my own stage builds for about 5 years now using the same scripts I used to maintain official stage builds for their MIPS port. Sufficiently long enough to have "bread out" most backdoors by now.

      My phone however has none of the above. It is considered "untrusted" as it runs a dated version of Android for which I do not have the source code, thus only gets the bare essentials in terms of passwords. I'll never use GnuPG or OpenSSH on it with my regular keys, and will not use it for storing confidential information.

      As it happens, I have just one debit card, issued by the post office. It rarely gets used. I draw money out of the bank by visiting the branch in person and using a passbook: same way I've done for almost 21 years now.

      I'm not sure what age group classify as "millennials", I'd be in the 30-35 age bracket.

      1. Steve K
        Coat

        "bread out" most backdoors by now"

        Luckily for you or you'd be toast

        1. Anonymous Coward

          Yep, perhaps. Hey, it's how I make my dough alright?!

    2. Anonymous Coward

      bin doing that for decades

      Since my first mobile phone (The Nokia Orange), I have kept any new PINs as part of a faked up phone book entry.

      These days it is easier, as most banks let you change the pin to something you can remember, but you still need to remember the one they set until you can reach that elusive Branch ATM.

    3. Alan Edwards

      Agreed, you need to know what they were actually asked before drawing conclusions. You need to know whether the PINs/passwords were encrypted, or plain text backed up to iCloud.

  3. Bumpy Cat

    PINs?!

    I can understand someone not tech-savvy storing passwords on their mobile - it's another version of the post-it in the wallet. But surely people can remember a four-digit PIN?

    1. Chloe Cresswell Silver badge

      Re: PINs?!

      I can't. But I don't have chip and pin cards for exactly that reason.

    2. Anonymous Coward

      Re: PINs?!

      Personal account pin, joint account pin, credit card pin, corporate card pin, some of which are only used in a blue moon. It's not hard to see why this would happen.

    3. Alien8n

      Re: PINs?!

      I can remember PINs for my debit card, the wife's debit card, and my phone. I don't use the credit cards anywhere near often enough in order to remember the PINs for them.

      1. AndrueC Silver badge
        Happy

        Re: PINs?!

        I couldn't remember the code to get into my office building this morning. Well that's not quite true. I knew all the digits but couldn't work out the correct order.

        It rather put me in mind of the classic Morecambe & Wise sketch.(*)

        Given that I've been using it twice almost every weekday for the last fourteen months that's a bit bizarre. I have a very good memory for numbers normally and once memorised PI to 150 decimal places (printed on page 57 of SMP Maths book G).

        (*)Which for some reason is blocked on my work connection because I'm in the wrong country. Apparently Banbury is no longer part of the UK. Oh well :)

        1. Stuart Castle Silver badge

          Re: PINs?!

          "Given that I've been using it twice almost every weekday for the last fourteen months that's a bit bizarre. I have a very good memory for numbers normally and once memorised PI to 150 decimal places (printed on page 57 of SMP Maths book G)."

          Perhaps not as bizarre as you'd think. A few years back, I phoned one of my friends nearly every day. I had memorised the number, so didn't write or type it anywhere. Then, one day, I realised I couldn't remember the number. I realised I was actually dialling it automatically, and didn't have a clue what the number was.

          I don't have a great memory for numbers (I tend to find it easy to remember those I use frequently, but have to look up others). I do store passwords on my phone (but not pins), but only using apps that encrypt them.

          1. Captain Badmouth
            Pint

            Re: PINs?!

            "Then, one day, I realised I couldn't remember the number. I realised I was actually dialling it automatically, and didn't have a clue what the number was."

            Similar to my method, I remember the no. as a rhythm with the no. split up into blocks.

            This is often how I seem to construct my passwords, they're rhythmic when I type them out.

            No musical logo, so I'll settle for a pint.

            1. Alien8n

              Re: PINs?!

              @Captain Badmouth

              There was an article not that long ago that suggested the best way to remember a password was to use song lyrics.

              So if you really liked Iron Maiden you could pick a verse from a song and transpose that into a password like this:

              "Bring your daughter, bring your daughter, to the slaughter"

              Becomes "BYDBYDTTS"

              Then you add some variable capitalisation:

              "ByDbYdTtS"

              Followed by some number replacement:

              "ByD8YdTt5"

              And then add some symbols:

              "ByD8YdTt5?"

              Hey presto, instant random password that's easy to remember.

              1. Yet Another Anonymous coward Silver badge

                Re: PINs?!

                Except you can't remember which B you replaced and one site insists that you have a symbol, while another insists on no symbols and a 3rd won't allow the same letter twice.

                And we use GPU hashing engines now so that password is no more difficult to crack than "password5"

    4. tony72

      Re: PINs?!

      I have the PIN for a couple of cards stored in my phone. They're unencrypted but somewhat obfuscated, even though I actually have KeePass and a private-cloud-synced password database on the phone, due to sheer laziness. I'm definitely not a "millennial", by the way.

      I can remember the PIN for my personal debit card that I use daily, but for example it's probably more than a year since I last used my work card for anything other than an online transaction, so no, I'm not likely to remember the PIN for it.

      I don't really see it as a big issue anyway; AFAIK most card fraud does not involve using the PIN, since it's mostly online activity. For this to be an issue, you'd need to physically steal or clone the card, as well as stealing and gaining access to the phone to extract the pin, and then present the stolen card and use the stolen PIN in person, which leaves you much more likely to be traced and caught than if you just used the card and CSC for a little cross-border online fraud.

      1. e^iπ+1=0

        Re: PINs?!

        "most card fraud does not involve using the PIN"

        I'm sure I read somewhere that criminals occasionally use the PIN together with a card in an ATM to get cash out.

      2. P. Lee
        Trollface

        Re: PINs?!

        >They're unencrypted but somewhat obfuscated

        It's the easiest way. Create an addressbook entry with a name you'll remember and have the pin as part of the telephone number.

        If you're using a phone with lots of apps, your security and privacy is probably already shot and bleeding out. Keep a couple of related pins for important stuff (things that spend your cash), some for identity-important things, and keep your email secure. Most of the rest is unimportant.

        Really, if someone nicks your Facebook account, you can email or call your real friends to let them know. You didn't do something dumb like single-sign-on with Facebook did you?

    5. Mark 85

      Re: PINs?!

      Wait awhile until you get to the point where you walk into a room and forget why you walked in.

    6. Nigel 11

      Re: PINs?!

      But surely people can remember a four-digit PIN?

      Remember a different one for each card? Not quite so easy now.

      Here's how. Memorize a two-digit number that you never ever explicitly write down or store. Memorize the positions of two digits out of the 16-digit card number. When you want to use any card you recall your two digit number and read the other two digits from their memorized places on the card. Combine them in the way you remember. Different PIN for each card, and easy to remember.

      Human brains remember procedures much better than random four-character strings. And it's the same procedure for all your cards, so practice makes perfect.
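
The derivation described in the comment above, as an added example that is not part of any post in the thread. It assumes the memorised two digits come first and the two card digits follow (the comment leaves the combining step open), uses constructed card numbers, and counts how many PINs stay possible for someone holding the card; the three-attempt limit is the figure mentioned elsewhere in the thread.

```python
from fractions import Fraction
from itertools import permutations

CARD_LEN = 16  # the comment assumes a 16-digit card number

# Constructed sample card numbers, not real accounts.
CARD_A = "1234 5678 9012 3456"   # every digit 0-9 appears at least once
CARD_B = "4111 1111 1111 1111"   # only two distinct digits


def _digits(card_number):
    """Strip spaces and check that we really have 16 decimal digits."""
    digits = card_number.replace(" ", "")
    if len(digits) != CARD_LEN or not digits.isdigit():
        raise ValueError("expected a 16-digit card number")
    return digits


def derive_pin(card_number, secret, positions):
    """PIN = memorised two digits + the card digits at two memorised positions.

    The order 'secret first, card digits second' is an assumption of this
    example. Positions are 0-based indexes into the card number.
    """
    digits = _digits(card_number)
    if len(secret) != 2 or not secret.isdigit():
        raise ValueError("secret must be two digits")
    i, j = positions
    if i == j:
        raise ValueError("pick two different positions")
    return secret + digits[i] + digits[j]


def card_suffixes(card_number):
    """Every two-digit ending that some ordered pair of positions can give."""
    return {a + b for a, b in permutations(_digits(card_number), 2)}


def remaining_pins(card_number, secret_known):
    """PINs still possible for someone who holds the card and knows the scheme.

    If the memorised two digits have leaked (for instance because the PIN of
    another card using the same scheme was disclosed), only the choice of
    positions is left to protect this card.
    """
    suffixes = len(card_suffixes(card_number))
    return suffixes if secret_known else 100 * suffixes


def guess_odds(card_number, secret_known, tries=3):
    """Chance that one of `tries` guesses is right before the card is blocked."""
    return min(Fraction(1), Fraction(tries, remaining_pins(card_number, secret_known)))


if __name__ == "__main__":
    for card in (CARD_A, CARD_B):
        print(card, "->", derive_pin(card, "73", (3, 10)))
        for known in (False, True):
            print("  secret known:", known,
                  "| possible PINs:", remaining_pins(card, known),
                  "| odds in 3 tries:", guess_odds(card, known))
```

A card number with few distinct digits leaves almost nothing for the chosen positions to hide, and a PIN disclosed for one card gives away the two-digit secret shared by all of them.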

  4. Anonymous Coward

    Phones make you stupid

    It's the only explanation.

    (Other than phones have exposed people's stupidity to the media and a much wider platform)

    1. Anonymous Coward

      @AC - Re: Phones make you stupid

      Only intelligent phones are making you stupid.

    2. Queasy Rider

      Re: Phones make you stupid

      Speed dials and contact lists don't help either.

  5. John Latham

    PIN numbers?

    Really?

    1. Little Mouse
      Headmaster

      Re: PIN numbers?

      I feel your pain.

      No-one ever seems to use the correct term - "PIN number number" - anymore.

      1. Anonymous Coward

        Re: No-one ever seems to use the correct term - "PIN number number" - anymore.

        But the problem with the alternative oldfangled PI Number is that it's too easy to guess. Although somewhat tedious to type in...

        1. Yet Another Anonymous coward Silver badge

          Re: No-one ever seems to use the correct term - "PIN number number" - anymore.

          >Although somewhat tedious to type in...

          I just use the last 4 digits

      2. Nigel 11

        Re: PIN numbers?

        Can't remember my Personal Identification Number numbers.

        This makes perfect sense to me. There are four of them in a PIN. Or sometimes six. Occasionally eight.

  6. fridaynightsmoke

    Stooopid milleniuls

    Keeping PINs on a (probably) password-protected and encrypted device like that, those idiots.

    1. Gordon 10
      Thumb Up

      Re: Stooopid milleniuls

      Indeed without some stats on how many lost and stolen phones actually go on to have their bank accounts etc. compromised it's rather a worthless survey. As per usual it's just marketing fluff.

      I'm willing to wager that the vast majority of lost/stolen devices DO NOT have any personal information used/abused on them. Coz the immediate value of phone + the chances of getting nicked with a stolen phone is far lower risk than using the contents of said phone for online fraud.

  7. Slartybardfast

    Encryption?

    No mention however if these were stored in the clear or encrypted using something like KeePass. I keep mine on my phone using KeePass. Getting my .kdbx file won't be of much use to you without my key.txt file (on USB stick) and long, complicated but memorable password. BTW I'm 54.

    1. Eugene Crosser

      Re: Encryption?

      Indeed.

      I keep all my passwords (couple hundred I think) and pins (a dozen) on the phone, encrypted under master password in OISafe. 55.

      Millennials, you are saying...

      1. Jeffrey Nonken

        Re: Encryption?

        Keepass here, long passcode easy for me to remember but hard to guess. 59.

      2. e^iπ+1=0

        Re: Encryption?

        "I keep all my passwords (couple hundred I think) and pins (a dozen) on the phone, encrypted under master password"

        I keep them under the mattress. Obfuscated.

  8. Joe Werner Silver badge

    I guess a scammer...

    ...might not be able to get my card out of my wallet if the arsehole sits one continent away. Writing it on your card, as some people apparently do (why else would one warn explicitly against it) is much worse.

  9. Thomas Chippendale

    Best option

    It's the only practical option. It is impractical for most users to remember all the details required. One bank I use requires all of: A user ID number; an online password; an online PIN; a telephone banking PIN; a password for using the debit card online; and finally a debit card PIN. This is separate from the sort code and account number, or the debit card number, all of which I must already remember.

    Each of these six additional security items must be either remembered, or documented. Like many consumers, I have several bank accounts with multiple cards, and each of these has a similarly long list of details required. I have seven accounts with banks or credit cards. If each require at least four security values that is already twenty-eight separate items, on top of the card numbers and account numbers which many users will already remember as a matter of course.

    And it is not just banking: even transactions which did not previously involve any self-service access or any password now generally do. Examples include electricity or gas accounts, car or home insurance, airlines, railways or TfL, Uber, or any number of things.

    I do work hard to remember things and set proper passwords, but a few years ago the volume of passwords and ID numbers required made it no longer possible for me to do so without writing them down. There may be people who are able to remember the fifty or a hundred passwords needed regularly without writing them down, but I think most people are simply not able to remember a very large number of separate passwords.

    The realistic options are either:

    - to use the same password and PIN everywhere.

    - to write the passwords and PINs on a piece of paper.

    - to store them on a mobile device or computer.

    The third option is not perfect but it is much better than the two alternatives. It is, at least, encrypted. An end user must take some responsibility for security of a system and this is by far the best option of the three.

    I wonder what the article's author suggests as a better option?

    There is always the option of writing security details down in lemon juice invisible ink and then revealing the writing later by holding it near a candle. But you may not always have a candle (or lemon) to hand when out and about.

    1. Doctor Syntax Silver badge

      Re: Best option

      "There is always the option of writing security details down in lemon juice invisible ink and then revealing the writing later by holding it near a candle. "

      Anthracene solution and a UV lamp?

  10. jjk
    Facepalm

    Not as stupid

    ...as tweeting a picture of your shiny new credit/debit card (soon to be canceled for fraud).

  11. Anonymous Coward

    Feminists - More of you need to store passwords in phones!!!!!!

    "Almost twice as many males than females are likely to store passwords and PIN numbers on their devices "

    Do it in the name of female equality!!!!

    Anon 'con I'm married and I like my testicles

  12. Ol'Peculier

    Not just millennials?

    I have the PIN number for my company card in my wallet, but in a way nobody would think it was a PIN simply because I only use it in a proper shop when I need something in a hurry. And I (unfortunately) was born a wee bit before the 80s

  13. Efros

    Hmmm.

    "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."

    Usually attributed to Albert E. but probably not one of his.

  14. Buzzword

    Bank account number/sort codes

    Back in the old paper days, your bank account number and sort code was printed in the corner of every cheque. The cheque system itself was ridiculously insecure: a piece of paper granting easy access to any sum of money in your bank account at any time. People stored cheques at home in ridiculously insecure conditions (e.g. in an unlocked drawer).

    Keeping your PIN safe is common sense; but it's hard to do any damage with your bank account and sort code. Jeremy Clarkson proved this in 2008 by publishing his bank details. The worst that happened was someone signed him up for a direct debit to a charity, which he was able to cancel immediately under the Direct Debit Guarantee.

  15. Martin0641

    Fails the Smell Test

    Who bothers to store a 4 digit pin?

    BTW I do one worse, I store my passwords in my Google drive and synch it to all my devices.

    Good luck guessing your way through the AES 256 encryption by the way.

    1. Jeffrey Nonken

      Re: Fails the Smell Test

      "Who bothers to store a 4 digit pin?"

      Anybody who has to remember too many of them.

      Anybody with an account they don't access via PIN regularly.

      Anybody who doesn't have a perfect memory.

      Anybody who is mortal and might want to leave their account details to whomever might have to take them over. Especially if they become disabled but not dead. Like, you know, growing old.

      1. e^iπ+1=0

        Re: Fails the Smell Test

        "become disabled but not dead"

        Lasting power of attorney (or whatever it's called) might suit your needs better.

        We set this up on behalf of a relative last year; haven't had cause to use it yet.

        More reliable than knowing a password which might change, and has the advantage of being legal!

        1. Doctor Syntax Silver badge

          Enduring power of attorney

          "More reliable than knowing a password which might change, and has the advantage of being legal!"

          But reportedly beyond the comprehension of many bank staff.

          1. BongoJoe

            Re: Enduring power of attorney

            But reportedly beyond the comprehension of many bank staff.

            Reminds me of the nice people in Yorkshire Bank, Sheffield. We had PoA over my father in law and there was a problem which needed me to ring them up.

            "Could your father-in-law pop into the branch?"

            "No, he's in a nursing home in Gwynedd and won't be able to hear you and if he could he won't understand you which is why I have this PoA arrangement."

            "Could you get him onto a bus to come to Fargate?"

            "From North Wales? "

            "Why? Is that far?"

            sigh.

  16. Norman Nescio Silver badge

    Offline device

    What would be useful is a device with guaranteed no network connectivity and a secure O/S designed specifically to store such stuff, much like a PDA. People use phones because they are convenient.

    If you had something like a PSION Revo, or other PDA with removable storage (like an SD card) on which was stored an encrypted database, then you could take a copy of the database for backup - just plug it into a new device if the old one breaks or is lost, and by only needing to remember one password for the device itself, have secure storage for all your PINs, passwords, and other items.

    Ideally, it would be open hardware, with no binary blobs/drivers etc. Banks should really sponsor the development of something like this in addition to the PIN validation cards (CAP readers).

    1. Charles 9

      Re: Offline device

      Wouldn't you need online access to sync things between devices? Otherwise, what happens when you add or change an entry, forget about it then change another entry on another device, creating a mess of out-of-sync copies? Then you find you need the updated code from device A but all you have is device C and it's five minutes to close before a three-day weekend and the bills are due (and yes, I have actually, personally seen someone that damn desperate)?

      1. Doctor Syntax Silver badge

        Re: Offline device

        "what happens when you add or change an entry, forget about it then change another entry on another device"

        I think I can see where your problem lies.

        1. Charles 9

          Re: Offline device

          You'd be surprised just how many people today have poor recall. A lot of it is due to information overload. How is a person expected to be able to quickly recall hundreds of bits of random information, at random, every day. No amount of mnemonics can help in this kind of situation as the human brain wasn't built for stuff like that. Eventually, even the best among us mixes up "correcthorsebatterystaple" with "paperclipdonkeyreactorwrong".

    2. Steve K

      Re: Offline device

      Maybe I've misunderstood, but aren't you advocating carrying another device in addition to your phone in order to manage passwords?

      Pretty secure as you have outlined it, but prone to failure (in the sense that there are now more devices - and not just passwords - to forget/lose etc....)

  17. Hans Neeson-Bumpsadese Silver badge

    Obfuscation

    Provided the number is suitably obfuscated, I don't see any undue risk in storing a PIN in a device (or anywhere else).

    For example, the contacts section of my old Filofax used to include a phone number for "C Barclay", which looked like a regular phone number but the last 4 digits were my PIN (with some jiggery-pokery, like the digits were in reverse order).

    1. e^iπ+1=0

      Re: Obfuscation

      "C Barclay"

      That might be hard to spot for the average criminal, but if your bank had a more obvious name, "O NatWest" might give it away too easily.

      1. Doctor Syntax Silver badge

        Re: Obfuscation

        'but if your bank had a more obvious name, "O NatWest" might give it away too easily.'

        Nathaniel North?

  18. JLV
    Trollface

    Forgetting for a sec if it's millennials or pre-millennials, how clever are you, exactly, if the supreme effort of remembering a 4 digit pin overwhelms the ol' noggin?

    Let's not stray into the complexities of passwords to X accounts and Y banks. Stick to just your main CC and debit cards. Can you really not be bothered to remember 2-3 somethings you use daily? And which protect your $? Apologies in advance to people with actual mental disabilities, it's not you I am making fun of.

    Idiocracy FTW.

  19. D@v3

    males vs females

    Do you think this might have anything to do with Males, knowing (the concept of) good security have different passwords / PINs for everything, and therefore need to have a note of some of the less frequently used ones, whereas females not caring so much because being hacked is something that happens to other people, only have one password and one PIN that they use for everything, and therefore have no need to write them down.

    I only say this because I was having a similar conversation with a female friend of mine recently, and she was quite adamant that her one password was fine, and didn't want any advice on creating easy(ish) to remember, but much more secure passwords. Whereas I (being of the male persuasion) have a variety of (what I consider) to be fairly secure passwords, but like many others have mentioned here, have some of the less frequently used ones stored in various (reasonably) secure ways.

    1. Anonymous Coward
      Anonymous Coward

      Re: males vs females

      misogynist?

  20. Anonymous Coward
    Anonymous Coward

    Mine's easy to remember, I use it for my luggage as well: 1234.

    It leads to a philosophical question as to if someone stores a 4 digit pin on a device that has a 4 digit lock screen. How would they ever unlock it?

    1. hplasm
      Happy

      Re: How would they ever unlock it?

      They keep the phone PIN on the nearest ATM...

  21. gollux
    Mushroom

    Welcome to the new millennium...

    It's time to join PETE...

    People eating tasty Eloi

  22. CanuckinOz

    Lastpass

    Who's to say they aren't all storing it in LastPass?

  23. Anonymous Coward
    Anonymous Coward

    Psychology

    I attempt to fool would-be thieves by enclosing a small slip of paper inside my wallet marked "PIN" with a number alongside that is *not* my PIN. The hope is that the ne'er-do-well would block the card after 3 failed attempts.

    1. Anonymous Coward
      Anonymous Coward

      Re: Psychology

      One for every card, and make them guess "is that a 1 or a 7? 3 or 8? 5 or 6?"

    2. Nigel 11

      Re: Psychology

      Even better, write "2 4 6 papa" (or something like that) on the paper. That makes the thief think that he has a 3/10 chance when it's really 0/10.

  24. cantankerous swineherd

    steal phone

    open browser

    go to banking site

    watch browser fill in user/pass

    1. Jeffrey Nonken

      Not gonna happen on my phone, nor any browser I use.

  25. Anonymous Coward
    Anonymous Coward

    MY PIN

    1784

    Sorted, I just need to remember this link now.

  26. Keven E

    Stats

    Don't you need a sample of 1500 to get a +-3% standard deviation of accuracy?

    This could be a lot worse and we could care a lot less.

    1. John H Woods Silver badge

      Re: Stats

      "Don't you need a sample of 1500 to get a +-3% standard deviation of accuracy?"

      Do you mean confidence interval? And it would depend on confidence level. For instance, with a population of 10,000,000, you would need a sample of (from memory) just over 1,000 to get a 95% confidence level of a 3 point confidence interval. But I think you need nearly twice that to get a 99% confidence level on the same interval.

  27. Kevin McMurtrie Silver badge

    In other news

    Millennials are getting mugged for not realizing that when a survey asks if your PIN is on your phone, you should always say "No."

    1. Nigel 11

      Re: In other news

      Coming soon: three-fingered millennials who thought unlocking a phone with their fingerprint was a good idea.

  28. Captain Badmouth
    Holmes

    Millennials?

    WTF happened to generation X?

    1. Huw D
      Coat

      Re: Millennials?

      Generation X?

      Billy Idol went solo and Tony James formed Sigue Sigue Sputnik...

  29. Anonymous C0ward

    What I do is

    change all my payment card PINs to the same, and keep that one in my head

    keep my passwords in LastPass, yes it's on my phone but encrypted and the app is protected by a different PIN

    phone itself, and SIM, locked with another PIN, plus full device encryption with a password

    2FA where possible

    1. Anonymous C0ward

      Re: What I do is

      Also I'm not a millennial, I'm Generation Y dammit.

  30. rtb61

    The problem is not the millennials, the problem is widespread passwords. What is needed is password generating software. So a password application that you install locally with one password for you to access it and it generates the passwords used to access other services. So a password is requested, you use to generate and enter that password by inputting your password to activate it.

    When it comes to accessing that site again the request is sent to your password generating app, a request for your password is requested and once entered the site password is sent (you do not even need to know those passwords).

    You need to be able to install the app on multiple devices, so as to connect to the stored services and be able to harmonise those passwords, although it would be better if the services in question would accept more than one password per person, so your multiple devices supply different passwords, you just need to access that permission via your originating password app.

  31. Anonymous Coward
    Anonymous Coward

    It's a jump to the left...

    Just add "1" and stick to that.

    Store your pin numbers on your phone, but add "1" to every digit.

    4542 becomes: 5653

    0712 becomes: 1823

    9073 becomes: 0184

    Jump by "3" if you prefer....
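How little the shift buys can be counted directly. The sketch below is an added example, not part of any poster's comment: it reproduces the three conversions above and enumerates the PINs consistent with a stored value. It assumes a thief who suspects a per-digit shift, possibly combined with the digit reversal other posters mention, and the 3-attempt card lockout cited earlier in the thread; the function names are hypothetical.

```python
from fractions import Fraction


def shift_digits(pin: str, k: int) -> str:
    """Add k to every digit, wrapping 9 -> 0 (the scheme in the comment above)."""
    return "".join(str((int(d) + k) % 10) for d in pin)


def candidates(stored: str) -> set[str]:
    """All PINs consistent with `stored` under the assumed scheme family:
    any per-digit shift 0-9, with the digits optionally reversed."""
    found = set()
    for k in range(10):
        plain = shift_digits(stored, -k)
        found.add(plain)
        found.add(plain[::-1])
    return found


def guess_odds(stored: str, attempts: int = 3) -> Fraction:
    """Chance of hitting the real PIN within `attempts` tries when each try
    is a different candidate (assumption: lockout after 3 failures)."""
    n = len(candidates(stored))
    return Fraction(min(attempts, n), n)


# Odds for a thief with no note at all: 3 tries against 10,000 PINs.
BLIND_ODDS = Fraction(3, 10_000)

if __name__ == "__main__":
    stored = shift_digits("4542", 1)   # constructed sample: the note reads 5653
    print(stored, len(candidates(stored)), guess_odds(stored), BLIND_ODDS)
```

For the stored value 5653 the candidate set has 20 entries, so three tries succeed 3 times in 20 instead of 3 in 10,000; a palindromic stored value halves the set again.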

    1. Triggerfish

      Re: It's a jump to the left...

      I store all my passwords, by hiding the numbers in order in four individual places on the route to work. For some reason it doesn't work on the return journey.

  32. Seajay#

    Seems fine

    Turns out that the FBI can't get in to recent iPhones and even older ones require significant effort. Therefore this seems to be a perfect place to store your PINs.

    Also, the article says "The habit leaves young adults more exposed to online scams in cases where their devices are stolen or hacked.

    Once a device is breached, fraudsters can use data stored on it to access accounts, and also use a combination of data found to try to steal an individual’s identity."

    Your PIN is only of use if the attacker physically has your card so it's of no use if the device is hacked remotely. It's also of no use in the case of identity theft, your bank staff don't know your PIN so an attacker knowing it doesn't give them any advantage in stealing your identity.

    Now the other data on your phone is obviously hugely useful in stealing your identity, mostly your email account which is invariably the key to everything else. But what should we do differently? Not have email access or any other personal information on our smartphones? That kind of defeats the point of them.

    Now I think about it, it would be very useful to have one email address for password recovery (which you don't leave logged in) and another one for correspondence (which you have to leave logged in to get notifications). Most accounts don't support that though.

  33. Anonymous Coward
    Anonymous Coward

    I wish I could be there...

    To see the look on their face after managing to steal both my phone and wallet, break my phone PIN within 10 attempts, figure out which card the one random PIN in my memos is for (the one I can't change FWIW) then to realise that, as a millennial, there's about $20 in total across all my cards anyway!

    Sucks to be you thief! Oh, wait :s

  34. Anonymous Coward
    Anonymous Coward

    Try telling them though...

    that it's foolish, and they should use a password manager, and they'll turn around and self-diagnose themselves with stress and anxiety related short term memory disorder and accuse you of harassing and bullying them, you CIS white piece of trash.

  35. herman

    Keepass and KeepassX

    I use KeepassX and it is available on all my devices - cell phones too. I can't remember hundreds of different passwords.

  36. DaveNullstein

    encrypted?

    Article doesn't mention if they are using password managers or other encrypted storage to do so.

    This is a meaningless piece of trivia. I'm a genXer and I store passwords on my phone. Who the fuck doesn't?

  37. nautica Silver badge
    Holmes

    Why did the chicken cross the road?

    Q: What makes a millennial an idiot?

    A: Aversion to work.

    Thinking is work; thinking is bad; ergo any new technobauble which reduces the need to think is guaranteed to be snapped up by the millidiots.

    Millennials need not apply here. You can be spotted a mile away, and, thankfully, you're not protected by the government (which, laughably, is becoming overrun with millennials).

  38. Jimbo 6
    Boffin

    One question remains...

    ... given that The Yoof record all their PINs on their fondleslabs (which may - or may not - be a good idea, see previous posts) :

    Do they actually back up that info anywhere else ?

  39. Anonymous Coward
    Anonymous Coward

    5 out of 5 do. It's just that the other 4 aren't dumb enough to admit it to a random survey guy/girl.

  40. The Quiet One

    Nothing new here...

    I set up a new mobile for a user and to make sure ActiveSync was picking up contacts, I took a quick look in the address book app.

    And there it was, clear as day.....The first contact, "Mrs Abbey Pin" who, mysteriously, only had a 4 digit phone number.

    At the very least, make it look like a real number and then make the first or last 4 your PIN...or better yet, just remember it. How hard can it be?

  41. AndrewDu

    The kids have grown up with this stuff and have totally swallowed the government line about "if you've got nothing to hide...". Their view is why would anyone want to steal MY stuff when there are all these rich bastards around?

    Works fine until your grandfather sends £300 to some scammer somewhere because you got mugged in Madrid, or some other place you've never been to. (Nearly happened in my family; did happen to a friend).

    My god-daughter wrote her PIN on the actual credit card itself - but it was OK (she said) because it was written with the digits in the reverse order. Then she was shocked - shocked, I say - when her big brother emptied her bank account. Once bitten...
