Even if you add a fourth digit to the PIN, it can still be cracked in under two hours. How do modern cell phones, tablets, and teller machines deal with this problem and still keep PIN numbers short enough to be memorable? One technique they use is to only allow you a certain number of failed tries before making you wait a longer time.
Here is a terminal password example you can run on one micro:bit to understand how this process works.
```python
# if_three_pin_fails_wait_an_hour

from microbit import *

sleep(1000)

pin = '324'
fails = 0                      # consecutive wrong entries

while True:
    message = input("Enter PIN: ")
    if message == pin:
        fails = 0              # a correct PIN clears the counter
        print("Access granted.")
    else:
        fails += 1
        print("Access denied.")
        if fails > 2:
            print("Oops, 3 fails in a row!")
            print("Try again in an hour.")
            sleep(3600000)     # 1 hour, in milliseconds
            fails = 0
```
Assuming you didn’t have the ability to press and release the micro:bit module’s reset button after 3 incorrect tries, it would take 216 combinations x 1 hour/combination = 216 hours. You could further increase the security by having it make you wait a day before trying again, maybe after the 6th fail.
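The reset-button loophole and the longer wait after the 6th fail, sketched as an added example that is not part of the original tutorial. It is written for desktop Python so it can be run without hardware; `PinGuard`, the state file (standing in for storage that survives a reset) and the injected `sleep` function are assumptions made for illustration.

```python
import json

HOUR_MS, DAY_MS = 3_600_000, 86_400_000

class PinGuard:
    """PIN check whose fail counter survives a reset (hypothetical helper)."""

    def __init__(self, pin, path, sleep):
        self.pin, self.path, self.sleep = pin, path, sleep
        self.state = self._load()
        self._serve_wait()  # reset pressed mid-lockout: the wait starts over

    def _load(self):
        try:
            with open(self.path) as f:
                return json.load(f)
        except OSError:     # no state file yet: first boot
            return {"fails": 0, "wait_ms": 0}
        except ValueError:  # file cut short by a reset mid-write: fail closed
            return {"fails": 6, "wait_ms": DAY_MS}

    def _save(self):
        with open(self.path, "w") as f:
            json.dump(self.state, f)

    def _serve_wait(self):
        if self.state["wait_ms"]:
            self.sleep(self.state["wait_ms"])
            self.state["wait_ms"] = 0
            self._save()

    def try_pin(self, guess):
        # Charge the attempt to storage before comparing, so a reset
        # right after a wrong guess cannot refund it.
        self.state["fails"] += 1
        fails = self.state["fails"]
        if fails % 3 == 0:  # an hour after 3 fails, a day from the 6th on
            self.state["wait_ms"] = DAY_MS if fails >= 6 else HOUR_MS
        self._save()
        if guess == self.pin:
            self.state = {"fails": 0, "wait_ms": 0}
            self._save()
            return True
        self._serve_wait()
        return False
```

Because the pending wait is saved before it is served, a reset during the lockout only makes the next boot serve the full wait again.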
There is still a glaring vulnerability in this system! Any micro:bit listening on the same channel will still receive a correctly entered PIN. In other words, the PIN is still totally vulnerable to sniffing attacks!