Abstract or Summary:
To ensure that users do not choose weak personal identification numbers (PINs), many banks give out system-generated PINs, using computers to generate random PINs. 4-digit is the most commonly used PIN length, but 6-digit system-generated PINs are also becoming popular. The increased security we get from using system-generated PINs, however, comes at the cost of memorability. And while banks are increasingly adopting system generated, and longer (than traditional 4-digit) PINs, the impact on memorability of such PINs is not really known.

We conducted a large-scale online user study to investigate how memorability can be affected by increasing the PIN length, and how number chunking techniques (breaking a single number into multiple smaller numbers) can be applied to improve memorability. Our study shows that system-generated 4-digit PINs outperform 6-, 7-, and 8-digit PINs in long-term memorability, but that there is no significant difference between 6-, 7-, and 8-digit PINs. Our results also show that chunking can improve memorability of system-generated PINs. For example, 8-digit PINs broken into three chunks of 2-2-4 digits (00—00—0000) outperformed non-chunked 6-, 7-, and 8-digit PINs in long-term memorability, without much increase in the time taken to authenticate. Our study shows that chunking is a cheap, practical, yet effective solution that can be implemented with a few small modifications on the front-end user interface.