Here is an extract from the IBTRM (Internet Banking and Technology Risk Management Guidelines), June 2008, published by MAS (Monetary Authority of Singapore):
"PIN should be at least 6 digits or 6 alphanumeric characters, without repeating any digit or character more than once."
Can you see what is wrong with the above recommendation? Well, if you do not get it, I will explain in the next post.
The full guideline is available via: