Quick PIN on mobile devices

The biggest problem with the mobile version of Passpack is typing a long Packing Key. People often type the wrong one and have to repeat the process. That’s painful on a touchscreen keyboard.

So, I have just released a fix for this problem: a 4-character PIN that substitutes for your Packing Key. This PIN is device-specific; in other words, you set up a different PIN for each phone and tablet.

It works in a very simple way:

  • your Packing Key is encrypted using a randomly generated key
  • the random key is stored in the local storage of the browser on your device
  • the encrypted Packing Key is sent to our server with the PIN

Next time you log in to Passpack on that device, you’ll be asked for the PIN instead of the Packing Key. You have 3 attempts to type the correct one. At the third mistake the PIN will be deleted and you’ll need to type the Packing Key as usual.
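The flow described above, simulated end to end under Node.js as an added example (this is not Passpack's code). The cipher (AES-256-GCM), the salted scrypt hash of the PIN, the failure-counter reset and every name are assumptions; a `Map` stands in for the browser's local storage.

```javascript
// Added illustration, not Passpack code. AES-256-GCM, scrypt and all names are assumptions.
const { randomBytes, scryptSync, timingSafeEqual,
        createCipheriv, createDecipheriv } = require("node:crypto");

const MAX_ATTEMPTS = 3; // from the post: the third mistake deletes the PIN

// NFC-normalise so a PIN with international characters hashes the same on every keyboard.
const hashPin = (pin, salt) => scryptSync(pin.normalize("NFC"), salt, 32);

// Server side: per device, a salted PIN hash and the encrypted Packing Key.
class PinServer {
  constructor() { this.devices = new Map(); }
  enroll(deviceId, pin, blob) {
    const salt = randomBytes(16);
    this.devices.set(deviceId, { salt, hash: hashPin(pin, salt), blob, failures: 0 });
  }
  // Returns the ciphertext for a correct PIN, otherwise null.
  unlock(deviceId, pin) {
    const rec = this.devices.get(deviceId);
    if (!rec) return null;
    if (timingSafeEqual(hashPin(pin, rec.salt), rec.hash)) {
      rec.failures = 0; // assumption: a correct PIN resets the counter
      return rec.blob;
    }
    if (++rec.failures >= MAX_ATTEMPTS) this.devices.delete(deviceId);
    return null;
  }
}

// Device side: `storage` is a Map standing in for the browser's localStorage.
function setupPin(server, storage, deviceId, packingKey, pin) {
  const key = randomBytes(32), iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(packingKey, "utf8"), cipher.final()]);
  storage.set("pinKey", key.toString("base64")); // the random key stays on the device
  server.enroll(deviceId, pin, Buffer.concat([iv, cipher.getAuthTag(), ct]));
}

function loginWithPin(server, storage, deviceId, pin) {
  const blob = server.unlock(deviceId, pin);
  const stored = storage.get("pinKey");
  if (!blob || !stored) return null; // wrong PIN, PIN deleted, or local key missing
  const d = createDecipheriv("aes-256-gcm", Buffer.from(stored, "base64"), blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString("utf8");
}
```

Neither store is enough on its own: the device holds only the random key, and the server releases the ciphertext only after a correct PIN.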

When used with the Remember me option, this is a great time saver!

Managing PINs and devices

From the Settings page, you can see which devices you have already activated and remove them if needed.
This is particularly important if you lose your mobile device.

About security

Initially I was thinking of using a numeric touchpad, like the kind many apps use for PINs. But the risk is that you could be tempted to use the same numeric PIN that you use to access your device – and that would be bad. We don’t want anyone who can get into your device to be able to get into your Passpack account as well.

For this reason, I decided to allow a text PIN. This gives you a much better PIN, since you can use any character, including international ones. For example, your PIN can be a string like arfk or xsTT, but you can also choose a crazy strong PIN like Aò高8, which would be impossible to guess in three attempts. This strongly increases security compared to, for example, an ATM PIN.

Note. The quick PIN system needs an HTML5 browser to work. If your browser is not compatible, you won’t see the option to activate the PIN.

8 Comments

  1. Lorenzo

    It’s always great when I see there’s a new post in Passpack blog, because I know that could be an announcement of some new wonderful features, like this one!

    Keep up the excellent work guys!!!!

  2. Goodness this is an awesomely cool announcement. I have SO been looking for something like this. I will try it on my iOS device tonight. Thank you!

  3. Johannes

    Is there anything to stop someone who had access to your device from extracting the encrypted packing key from localstorage, and brute-forcing it offline?

  4. Johannes

    Oops, just reread the announcement and realised that the packing key is not encrypted using the pin, and it is also not stored locally.

    Great feature!

  5. Dan Oneufer

    You are a mind reader! I was wishing for a feature like this because I tend to use a lengthy packing key. Great insight on your part and a smooth implementation.

  6. Dani

    No words, you guys rock! And above all I’m proud to see that there’s “a bit” of Italian creativity in your work! Well done! Ciao

  7. pau

    Can I use this in a desktop browser?

  8. Francesco

    @pau
    It would work exactly the same on any HTML5 browser. But, right now, we haven’t enabled the PIN in the standard version. Do you think that it can be useful in some cases?
