Reply To: 4-digit PIN login on mobile web platform

[__]

have you considered maybe giving each user a unique string of 5-8 random characters, including 0-9, a-z, and A-Z? It would be more secure than simple 4 digit PINs

True, but not significantly more secure. Even 8-character passwords cannot be considered “secure” at this point: computers are just too fast. But nkrisc is right: even if security is not an issue, only four digits to identify users is going to cause problems very quickly (statistically speaking, simple typos will lead to people being mis-identified once you have two or more matching numbers in a pin).

If you want any semblance of security, passwords need to be user-chosen, greater than eight characters (i.e., 16+ characters), and unrestricted in length and character choice. (And not famous “quotes” or song lyrics. : )