4-digit PIN numbers are easy to hack if you allow continuous access.
One method I have used to seriously impede hackers is to allow only 3 consecutive tries, then lock out the keypad for some lengthy period, like about 10 minutes or so.
I implemented that about 25 years ago when writing one of the first smartcard operating systems for banking.
Mobile phones use an even more aggressive approach on their SIM card locks: delete the PIN after 3 tries, then ask for a service call to get an unlock code (PUK).
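
The 3-tries-then-timed-lockout scheme described in the post above, as an added example that is not part of the original post or the author's smartcard code. All names, the caller-supplied clock in seconds, the constant-time comparison and spending the try before comparing are assumptions of this example; on a real card the counter and lockout time would live in non-volatile memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PIN_LEN      4
#define MAX_TRIES    3
#define LOCKOUT_SECS 600  /* "about 10 minutes" from the post */

typedef enum { PIN_OK, PIN_WRONG, PIN_LOCKED } pin_result;

typedef struct {
    uint8_t  pin[PIN_LEN];
    uint8_t  tries_left;    /* consecutive tries remaining */
    uint64_t locked_until;  /* keypad refuses input before this time */
} pin_state;

static void pin_init(pin_state *s, const uint8_t pin[PIN_LEN]) {
    for (size_t i = 0; i < PIN_LEN; i++) s->pin[i] = pin[i];
    s->tries_left = MAX_TRIES;
    s->locked_until = 0;
}

/* No early exit, so timing does not reveal how many digits matched. */
static int pin_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < PIN_LEN; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

static pin_result pin_verify(pin_state *s, const uint8_t guess[PIN_LEN], uint64_t now) {
    if (now < s->locked_until) return PIN_LOCKED;       /* even a correct PIN is refused */
    if (s->tries_left == 0) s->tries_left = MAX_TRIES;  /* lockout has expired */
    s->tries_left--;  /* spend the try first: an interrupted check still costs a try */
    if (pin_equal(s->pin, guess)) {
        s->tries_left = MAX_TRIES;                      /* success resets the counter */
        return PIN_OK;
    }
    if (s->tries_left == 0) s->locked_until = now + LOCKOUT_SECS;
    return PIN_WRONG;
}

int main(void) {
    const uint8_t pin[PIN_LEN] = {1, 2, 3, 4}, bad[PIN_LEN] = {9, 9, 9, 9}; /* constructed */
    pin_state s;
    pin_init(&s, pin);
    for (uint64_t t = 0; t < 3; t++) printf("wrong guess -> %d\n", pin_verify(&s, bad, t));
    printf("correct PIN during lockout -> %d\n", pin_verify(&s, pin, 3));
    printf("correct PIN after lockout  -> %d\n", pin_verify(&s, pin, 2 + LOCKOUT_SECS));
    return 0;
}
```

With 3 tries per 10 minutes, walking all 10,000 four-digit PINs takes about 3,334 lockout periods, roughly 23 days of continuous access.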