I'm currently developing a system which has a functionality where clients can view details of their purchases/renewals/etc by supplying a PIN "number".
A PIN is being used instead of login information because of the type of clients we're targeting. The PIN is printed on documents sent to them.
The view shown when they supply the PIN does not reveal highly sensitive information such as credit card etc, but less sensitive one such as product name, type, price, barcode, repairs etc.
The issue in question is the PIN. I opted to using a random 5 character PIN (0-9, a-z A-Z) - case sensitive. Я удалю несколько гомоглифов ('I', '1', 'l', '0', 'O', 'rn', 'vv'), поэтому фактическое количество комбинаций на самом деле ниже.
У меня есть пара вопросов по этому поводу: