PIN Based Authentication

Dear All,
Currently, my Golang-based backend uses a username and password challenge for user authentication. But while developing a point-of-sale application front end, there is a need for secure PIN-based authentication. That means the user would just enter a 4-digit PIN in the login window to authenticate with the backend API before it sends back JWT tokens for further transactions. The ultimate aim is to reduce the time spent entering the user login and password, which is undesirable for a POS. Can you please guide me on Golang implementation specifics, such as any library name to achieve this goal in a secure manner, or how to implement it?

Thanks,
Muhammed Afsal

A four digit PIN is not different from an (insecure) password.

I fail therefore to see why you can’t reuse your current code.

It’s of course different if the PIN is actually backed by some hardware, though in that case more information is required.

Like what kind of hardware.

Here are a few things you can do to implement PIN-based authentication in Golang in a secure manner:

Use a strong hashing algorithm. When storing the user’s PIN, use a strong hashing algorithm such as bcrypt. This will make it much more difficult for an attacker to crack the PIN if they gain access to the database.

Limit the number of incorrect PIN attempts. After a user has entered an incorrect PIN a certain number of times, lock their account. This will prevent an attacker from brute-forcing the PIN by repeatedly trying different values.

Require the user to enter their PIN periodically. You can require the user to enter their PIN periodically, such as every 20 or 30 minutes. This will help to prevent an attacker from gaining access to the account if they steal the user’s device.

Use a secure PIN entry mechanism. When the user enters their PIN, use a secure PIN entry mechanism such as a numeric keypad or a fingerprint scanner. This will help to prevent an attacker from shoulder surfing or capturing the PIN using a keylogger.

Here are some libraries that you can use to implement PIN-based authentication in Golang:

Here is an example of how you could implement PIN-based authentication in Golang using the bcrypt library:

package main

import "golang.org/x/crypto/bcrypt"

// hashPIN returns the bcrypt hash of the PIN. bcrypt generates a random salt
// and embeds it in the returned hash, so no separate salt handling is needed.
func hashPIN(pin string) string {
    hashedPIN, err := bcrypt.GenerateFromPassword([]byte(pin), bcrypt.DefaultCost)
    if err != nil {
        panic(err)
    }

    // Return the hashed PIN (salt, cost and hash in one string).
    return string(hashedPIN)
}

// verifyPIN reports whether the entered PIN matches the stored bcrypt hash.
func verifyPIN(pin, hashedPIN string) bool {
    err := bcrypt.CompareHashAndPassword([]byte(hashedPIN), []byte(pin))
    return err == nil
}

This will hash the PIN using the bcrypt algorithm and store the hashed PIN in the database. When the user enters their PIN, the code will check if the PIN matches the hashed PIN in the database. If the PIN matches, the code will return true. Otherwise, the code will return false.

Once you have implemented PIN-based authentication, you can use JWT tokens to secure access to your application. JWT tokens are a secure way to transmit information between a client and a server. They are signed using a secret key, which makes them difficult to forge.

Please note: this is just a basic overview of how you can implement PIN-based authentication in Golang.
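The points in the reply above (hash the stored PIN, lock the account after a number of wrong attempts, make the user re-enter the PIN after 20 or 30 minutes) combined into one runnable Go example. This is an added example, not code from the original post or from any library it names. To keep it standard-library only it uses an inline PBKDF2-HMAC-SHA256 as the PIN hash; in a real service substitute bcrypt as the reply recommends. The in-memory `authService`, the `cashier1` user, the 4-digit PIN, the attempt limit of 5 and the 15-minute lockout are constructed for the example, and the session record stands in for the JWT the backend would issue.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"strings"
	"time"
)

const (
	maxAttempts = 5                // failed PINs before the account locks (assumed policy)
	lockout     = 15 * time.Minute // how long a locked account stays locked (assumed policy)
	kdfIters    = 100_000          // PBKDF2 work factor; tune for the target hardware
	sessionTTL  = 20 * time.Minute // session lifetime; the POS re-prompts for the PIN after this
)

var ErrBadPIN = errors.New("invalid credentials")
var ErrLocked = errors.New("account temporarily locked")

// pbkdf2SHA256 derives one 32-byte block of PBKDF2-HMAC-SHA256 (RFC 8018).
// It stands in for bcrypt here so the example needs only the standard library.
func pbkdf2SHA256(pin, salt []byte, iters int) []byte {
	mac := hmac.New(sha256.New, pin)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index INT(1)
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

type user struct {
	salt, hash []byte
	failed     int       // consecutive wrong PINs
	lockedTill time.Time // zero when not locked
}

type session struct {
	User    string
	Expires time.Time
}

// authService is an in-memory stand-in for the backend's user store (constructed).
type authService struct {
	users map[string]*user
	now   func() time.Time // injectable clock so lockout and expiry can be tested
}

func newAuthService() *authService {
	return &authService{users: map[string]*user{}, now: time.Now}
}

// Register stores a salted, stretched hash of a 4-digit PIN, never the PIN itself.
func (s *authService) Register(username, pin string) error {
	if len(pin) != 4 || strings.Trim(pin, "0123456789") != "" {
		return errors.New("PIN must be exactly 4 digits")
	}
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	s.users[username] = &user{salt: salt, hash: pbkdf2SHA256([]byte(pin), salt, kdfIters)}
	return nil
}

// Login verifies the PIN, enforces the attempt limit and opens a time-limited session.
func (s *authService) Login(username, pin string) (*session, error) {
	u, ok := s.users[username]
	if !ok {
		pbkdf2SHA256([]byte(pin), make([]byte, 16), kdfIters) // same cost for unknown users
		return nil, ErrBadPIN
	}
	now := s.now()
	if now.Before(u.lockedTill) {
		return nil, ErrLocked // a correct PIN does not bypass the lockout
	}
	if subtle.ConstantTimeCompare(pbkdf2SHA256([]byte(pin), u.salt, kdfIters), u.hash) != 1 {
		u.failed++
		if u.failed >= maxAttempts {
			u.failed, u.lockedTill = 0, now.Add(lockout)
			return nil, ErrLocked
		}
		return nil, ErrBadPIN
	}
	u.failed = 0
	return &session{User: username, Expires: now.Add(sessionTTL)}, nil
}

// Valid reports whether a session may still be used; once it is false the POS
// must prompt for the PIN again rather than silently extend the session.
func (s *authService) Valid(sess *session) bool {
	return sess != nil && s.now().Before(sess.Expires)
}
```

The attempt limit is what actually protects a 4-digit PIN: its 10,000 possible values are enumerable in seconds online and in minutes offline regardless of the hash, so the lockout (and the identical work done for unknown usernames, which keeps response time from revealing which accounts exist) matter more than the hash cost. The clock is injected so that lockout expiry and session expiry can be exercised without waiting.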
