Docs

Guides

Blog

Tools

Token2 FIDO2 PIN+: See the PIN Complexity in action

In today's world, where cybercrime is on the rise and data breaches are becoming increasingly common, it's more important than ever to protect sensitive data with strong authentication mechanisms. However, many security keys available on the market today only enforce PIN length, but not complexity. For example, even a FIPS-certified security key might only require a minimum PIN length of 6 digits, without any restrictions on the choice of numbers. This can lead to users choosing easily guessable PINs such as 111111 or 123456, which can compromise their security.  That's where the Token2 FIDO2 PIN+ Series comes in. It is designed to enforce strong PIN complexity at the firmware level, which goes beyond the current FIDO2 standards that only define enforcing PIN length and not complexity. This ensures that users cannot choose weak, easily guessable PINs that could be easily compromised.
PIN+ keys implement specific complexity rules for both numeric and alphanumeric PINs. Here are the rules explained:


For numeric PINs:

  • The minimum length of the PIN must be 6 digits. It can be increased using a tool, but it cannot be decreased. The lowest possible minimum length is 6 digits.
  • Sequential numbers in ascending or descending order are not allowed. For example, 123456 or 654321 are not valid PINs. Similarly, repeated digits like 111111 are also not allowed.
  • "Mirror" or palindrome numbers such as 321123 or 69233296 are not allowed.
  • There should not be more than 3 repeating digits out of the 6 digits. For instance, 111123 or 990000 are not permitted.

For alphanumeric PINs:

  • The minimum length of the password must be 10 characters.
The password must contain characters from at least two of the following four categories:
  • Uppercase characters A-Z (Latin alphabet)
  • Lowercase characters a-z (Latin alphabet)
  • Digits 0-9
  • Special characters (!, $, #, %, etc.)
Only ASCII characters are accepted for alphanumeric PINs in earlier firmware releases. Release 3.1 and newer accept Unicode characters.

These groundbreaking FIDO2 keys offer enhanced PIN complexity rules, surpassing even competitors with FIPS certification.
Our competitor has recently implemented PIN complexity enforcement in their latest firmware. We've analyzed their rules and updated our complexity checker accordingly. You can now verify if the PIN you enter meets the criteria for our PIN+ keys, FIPS keys, and the latest firmware keys from the competitor. Spoiler: Our PIN rules remain stricter, ensuring that our PIN+FIDO2 security key is the most secure option on the market. Please note that this verification is based on publicly available documentation, as the competitor's PIN complexity option appears to be available only with an Enterprise subscription, which requires a large minimum order quantity.

Numeric vs Alphanumeric PINs

The device offers two types of PINs—numeric and alphanumeric—to balance user convenience and security. Numeric PINs, with a minimum length of 6 digits, are user-friendly but less secure due to fewer possible combinations. In contrast, alphanumeric PINs require at least 10 characters, offering significantly enhanced security through a larger set of possible combinations. This design allows users to choose their preferred level of security without additional configuration settings, making the device both flexible and secure.
 

PIN Complexity Checker

The tool below emulates the complexity check implemented on our PIN+ firmware. You can enter a PIN to see if it meets the specified complexity requirements. This tool emulates our standard PIN+ rules, which require a minimum PIN length of 6 digits. Please note that we also have a different version of PIN+ firmware, PIN+ Octo, that enforces a minimum PIN length of 8 digits.





or try the examples below: