Is a 4 digit password with a predictable username secure?

2 points by Nullificus ↗ HN
There is a company I am with that has decided to keep my personal information (Full Name, Phone number, Email, DoB, Address, Full phone history, and billing information) behind a web system protected by only a 4-digit PIN.

They can't remove this information for 45 days. They can't disable the PIN access.

My complaints are met with "This is a standard and secure system"

I think that maybe if I show them the responses here that action may be taken.

I've been waiting for 2 weeks for the "Chief Privacy Officer" to respond to my email.

1 comment

[ 3.1 ms ] story [ 10.5 ms ] thread
Probably can be brute forced within milliseconds. With that sort of design decision I would guess there would be other gaping security holes that would make even brute forcing the PIN an overkill.