64 character pin code

L8437

Hi, so I know that a diceware or random character password that is 64 characters long, will provide high entropy.

However, if the 64 character was just number and pin setting then would this still provide high entropy

DeletedUser29

L8437 Why do you want to use only numbers?

As for if it's good or not, this old Computerphile video explains the topic better than I ever could Password Cracking - Computerphile.

L8437

DeletedUser29 thanks for the reply.

So I obviously don't know what the difference is security wise.... if you have a 16 number pin Vs a 64 number pin....

Without relying on the secure element throttling
Is a 64 number pin alot more secure than 16 numbers ?

mmmm

L8437
It’s certainly more secure yes. But neither rate that high with ‘what could be’ for the same level of hassle.

If you mix in other characters (letters both cases, numbers, other characters etc) you can have a much smaller and easier to enter password and likely much more secure than either. That will probably be much more secure than any number password even of extreme length.
If you must have length then instead of using 64 random numbers, use 8 or more random words (aka Diceware). That’s very very secure and you needn’t fret that way.

DeletedUser29

L8437

Using only 0-9 gives you a base of 10, which for your examples is 10¹⁶ (entropy of 53.15 bits) and 10⁶⁴ (entropy of 212.6 bits). So 64 numbers is more secure than 16.

But it is equally important how large your character set is, as that is half the password. Using numbers, lower case letters, upper case letters and 9 different special characters (e.g. @ # - _ etc) gives you a base of 45, which using the previous examples, 45¹⁶ which as an entropy of 84.4 and 45⁶⁴ which is a whooping 393.6 bits. Which is a lot more secure at the same password lengths and, unless you memorise pi-digits for fun, equally hopeless to remember.

So if you're not using a password manager (you should) then do what @mmmm said and use a string of words instead.

More reading here if you want somwhere to start to learn more:
https://en.wikipedia.org/wiki/Password_strength
https://www.privacyguides.org/en/basics/passwords-overview/

Ps. For anyone reading, do correct me if I'm wrong about something. I am so not an expert at this.

L8437

DeletedUser29
Thanks everyone. I want to try and get a balance of convenience with enough security.

I had a random character password of like 64 characters, which is fine when NOT in a rush, and not tired.

But when in a rush and tired, it becomes soooo frustrating!

I like the maths calculations you used, this makes sense to me now

The thing is I'm not as technical as others, I'm just a consumer

[deleted]

L8437 I don't know your threat level but if you are "consumer" like most of us, then relying on secure element and 6 digit pin code is plenty sufficient.

mmmm

L8437

Further reading for diceware. It’s by far the easiest method for creating random passwords that are memorable.

https://en.m.wikipedia.org/wiki/Diceware

https://www.eff.org/dice