When to choose a password, when to choose a PIN

You understand that you need to protect your PC, phone, and online accounts. But do you always have to use a long and complex password?

Chuck asked about the difference between using a PIN or a password. “To me they seem to serve the same purpose.”

Like a password, a Personal Identification Number (PIN) allows you to prove that you’re you, so that no one else can access your data. The obvious difference is that a PIN is limited to numerical digits (0-9), while a password can contain numerical digits, upper- and lowercase letters, and punctuation.

But that doesn’t explain the advantages of each.

PINs are easier to type, especially on a touchscreen. With far fewer options, you can tap a few big buttons rather than a lot of little ones.

[Image: Android keypads for a PIN and for a password]

So why does anyone use passwords? Because they’re more secure. You have only 10 options available for each digit in a PIN, but a password can have as many as 95 (assuming it accepts every character you can type on a conventional keyboard, including Space). And the more options you have for each character, the harder the password is to crack.

How big a difference does this make? There are ten billion possible 10-character PINs. But there are 59,873,693,923,837,900,000 possible 10-character passwords. That’s about eight billion possibilities for every person alive today.

Then consider this: A ten-character password is considered relatively short, while a ten-digit PIN is unusually long. Most PINs use four or six digits; that’s 10,000 and 1,000,000 possibilities, respectively.

So why would anyone use a PIN when they can use a password?

The real danger of getting your password hacked is on the Internet, so that’s where you need the most protection. Passwords are much safer for online accounts. But PINs are safe enough for unlocking a device that’s in your hands.

Windows 10 really makes this difference clear. Assuming that your Windows account is a cloud-based Microsoft account (the default), Windows requires that you set up a complex password, because it can be hacked in the cloud. But you can also set up a PIN for convenience. This stays on your computer and never goes out into the Internet. Locally, a PIN is safe enough.

Even then, I wouldn’t recommend the common four-digit PIN. Use six or more.
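The counts quoted above, and the case for six digits over four, can be checked with a short calculation. This is an added example, not part of the original article; it goes one step beyond the text by assuming a device that locks after 10 wrong guesses (the LOCKOUT value is hypothetical) and by assuming secrets are chosen uniformly at random.

```python
import math
from fractions import Fraction

DIGITS = 10      # choices per PIN position (0-9), as stated in the article
PRINTABLE = 95   # choices per password position, as stated in the article

def keyspace(alphabet: int, length: int) -> int:
    """Count of distinct secrets that are exactly `length` symbols long."""
    return alphabet ** length

def entropy_bits(alphabet: int, length: int) -> float:
    """Entropy in bits, valid only if every symbol is picked uniformly at random."""
    return length * math.log2(alphabet)

def min_length_to_match(alphabet: int, target_space: int) -> int:
    """Shortest length whose keyspace reaches target_space (exact integer math)."""
    length, space = 0, 1
    while space < target_space:
        space *= alphabet
        length += 1
    return length

def guess_chance(attempts: int, alphabet: int, length: int) -> Fraction:
    """Chance that `attempts` distinct guesses hit a uniformly random secret."""
    return min(Fraction(1), Fraction(attempts, keyspace(alphabet, length)))

if __name__ == "__main__":
    LOCKOUT = 10  # assumed attempts before the device locks; not from the article
    for name, alphabet, length in [
        ("4-digit PIN", DIGITS, 4),
        ("6-digit PIN", DIGITS, 6),
        ("10-digit PIN", DIGITS, 10),
        ("10-char password", PRINTABLE, 10),
    ]:
        chance = guess_chance(LOCKOUT, alphabet, length)
        print(f"{name:17} {keyspace(alphabet, length):>26,} secrets "
              f"{entropy_bits(alphabet, length):5.1f} bits "
              f"{float(chance):.2e} chance in {LOCKOUT} tries")
    target = keyspace(PRINTABLE, 10)
    print("PIN digits needed to match a 10-char password:",
          min_length_to_match(DIGITS, target))
```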

