Library PIN

I joined our local library recently because, unlike Milton where we had to make do with a mobile library two days a month, Nairn has a little library in the High Street with two members of staff, Internet access on both PCs and WiFi, the works.

They give you a library card with your membership number on it as a card code¹ and also give you a slip of paper with your PIN written on it so you can access their online services, of which there are several and rather good they are too.

If you do log in to their web site you can also change the PIN to another one of your own devising. All pretty standard stuff so far then and normally, wearing my security hat, I advise anyone to change any password they're given to another one of their own devising ASAP.

But not this time and here's why.

I was in the library this week trying to access the WiFi and it wouldn't accept my membership number and PIN. So I wandered over to the counter and she scanned my membership card to read the number off it.

"So are you sure you entered 9999?" she asked, where 9999 was the PIN they'd allocated to me. Which suggests that she can see what my PIN is, presumably also including my new PIN if I've changed it.

Now in itself this isn't really a problem: I'm not really concerned about someone "hacking" my library account as the damage they can do is pretty limited (and hence I'd not bothered changing my PIN).

But here's the thing: people find it hard enough remembering one PIN, let alone several. So how many of their users do you think are changing their library PIN to be the same as their online banking PIN or credit card PIN?

1. 14 digits long, so I think that's enough for about 10,000 for every person on the planet (I may have lost an order of magnitude somewhere but you know what I mean).