The first line of defence against attack is often the password, and in many systems it is the only form of identification. PINs or Personal Identification Numbers are really a form of very simple password.

The fundamental problem with passwords is that humans tend to create memorable passwords, which often means that they are also guessable. A password that can be guessed merely by checking against every word in a dictionary, or against a list of common first names, provides very little security for the user who selected it.

To combat this, users are often forced to create more secure, more “difficult” passwords, which unfortunately are also more forgettable. In many situations, a password that needs to be written down also offers minimal security.

Passwords are also extremely vulnerable to attacks such as key-logging, remote cameras and over-the-shoulder observations, especially true for PINs.