
Is a 4 digit password with a predictable username secure? - Nullificus
There is a company I am with that has decided to keep my personal information (Full Name, Phone number, Email, DoB, Address, Full phone history, and billing information) behind a web system protected by only a 4-digit PIN.<p>They can&#x27;t remove this information for 45 days.
They can&#x27;t disable the PIN access.<p>My complaints are met with &quot;This is a standard and secure system&quot;<p>I think that maybe if I show them the responses here that action may be taken.<p>I&#x27;ve been waiting for 2 weeks for the &quot;Chief Privacy Officer&quot; to respond to my email.
======
CyberFonic
Probably can be brute forced within milliseconds. With that sort of design
decision I would guess there would be other gaping security holes that would
make even brute forcing the PIN an overkill.

