

Google Wallet pin code can be cracked in as little as 18 minutes - adeelarshad82
http://www.pcmag.com/article2/0,2817,2393246,00.asp

======
wccrawford
How is this less secure than a credit card?

You have to have the phone (something I would notice was missing immediately,
unlike my CC which I would notice next time I bought something) and you have
to have a pin (which can be cracked relatively quickly, assuming it doesn't
delay between attempts or lock after a few failures). That's 2-factor
identification.

If there's also a requirement for photo ID, that's almost as good as 3-factor.
(Technically, 2 of these are 'something you have', but the photo helps push 1
towards 'something you are'.)

------
zitterbewegung
Thats assuming that all attempts take a fixed amount of time and there is no
lockout feature implemented. If google hasn't implemented this then this would
be trivial to implement so that your pin code takes far longer than 18 minutes
to crack.

------
PureSin
even with no lock out. When will someone have my phone for over 10 minutes
without me noticing? Especially if I'm out shopping, I'll be looking at my
phone fairly often.

~~~
ap3
but just because you notice it's missing doesn't mean you'll know where it is
or be able to get it back

------
willvarfar
so the question is, does it lock up if you fail three attempts?

------
electrichead
Unrelated, but did anyone else notice that the number "5683" was one of the
top 10 most common PINs? I can't think of a single reason why that would be.

~~~
j_m_f
It spells "LOVE" using the alphanumeric code on the keypad.

------
kragniz
This is just silly. The article just states the theoretical amount of time.
Google would disable any small attempt at brute force.

