Bootstrapping Mobile PINs Using Passwords
The authors describe a method of deriving PINs from passwords. The method is useful for achieving friction-free user on-boarding to mobile platforms. It has significant business benefits for organizations that wish to introduce mobile apps to existing users but are reluctant to make those users authenticate with passwords. From the user's perspective, a PIN is easier to enter than a password, and a derived PIN does not need to be remembered, assuming the user can recall her password. The use of tiered authentication, relying on both PINs and passwords, hardens systems against compromise.