As you said, 4 digits is not enough to make something secure to a computer. 10,000 permutations is milliseconds of computation.The only reason it’s at all secure for a credit card is because you’re generally only using the PIN for in-person transactions where there are more practical limits on attempts (Narrator: “After 2 hours and 632 attempts, the cashier began to get suspicious…”), if not hard cut offs from the bank/processor for failed attempts. If we’re being realistic, as long as your PIN isn’t in the first 3-6 numbers they can try, it’s probably secure enough in itself. Theives want low hanging fruit. Easier to try to social engineer your PIN then to manually brute force it. As long as you’re avoiding the most obvious first attempt numbers, go ahead and use your dog’s birthday or your childhood home’s address. It’s fine.
As you said, 4 digits is not enough to make something secure to a computer. 10,000 permutations is milliseconds of computation.The only reason it’s at all secure for a credit card is because you’re generally only using the PIN for in-person transactions where there are more practical limits on attempts (Narrator: “After 2 hours and 632 attempts, the cashier began to get suspicious…”), if not hard cut offs from the bank/processor for failed attempts. If we’re being realistic, as long as your PIN isn’t in the first 3-6 numbers they can try, it’s probably secure enough in itself. Theives want low hanging fruit. Easier to try to social engineer your PIN then to manually brute force it. As long as you’re avoiding the most obvious first attempt numbers, go ahead and use your dog’s birthday or your childhood home’s address. It’s fine.