
Pin Code

Overview

Pin Code protects PIN entry with a randomized keypad and mouse click-based input to outsmart keyloggers and safeguard user access. This system ensures that PINs are never typed or exposed, delivering strong protection with seamless usability across all tiers: Free, Inheritance, Sovereign, and HighRisk.

In UnoLock, the PIN is not the main authentication factor and it is not the password that encrypts your Safe data. WebAuthn access keys are the primary authentication model. The PIN is an additional control that helps resist brute-force access attempts and supports deniability-related features.

How It Works

  • Randomized Keypad Generation: For each login session, the server generates a unique keypad image with numbers 0-9 and letters A-F, randomized in position to prevent predictable input patterns.
  • Mouse Click-Based Input: Users enter their PIN by clicking the keypad’s characters on-screen, bypassing keyboard input to render keyloggers ineffective.
  • Server-Side Decoding: Clicked positions are sent to the server, which decodes them using the session’s randomized keypad layout, ensuring the PIN itself is never transmitted or exposed.
  • Secure Transmission: Click data is transmitted via TLS 1.3-encrypted channels, protecting against interception during the authentication process.
  • Intuitive User Interface: The keypad’s visual design is user-friendly, allowing seamless PIN entry through clicks, balancing advanced security with effortless usability.
  • Brute-Force Control Layer: PIN handling adds rate-limiting and attempt-friction around local access flows, which matters because the cryptographic model does not depend on a reusable password.
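
A minimal sketch of the keypad generation and server-side decoding steps listed above, added here as an illustration; it is not UnoLock's code. The 4x4 grid, 60-pixel cells, in-memory session store, PBKDF2 verifier and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

CHARSET = "0123456789ABCDEF"   # digits 0-9 and letters A-F, as the page describes
COLS, CELL = 4, 60             # assumption: 4x4 grid of 60-pixel square cells
_rng = secrets.SystemRandom()  # OS CSPRNG, so layouts are not predictable
_layouts = {}                  # session id -> layout; stand-in for a server session store

def new_keypad(session_id):
    """Shuffle a fresh layout for one login session (the server would render it as an image)."""
    layout = list(CHARSET)
    _rng.shuffle(layout)
    _layouts[session_id] = layout
    return layout

def decode_clicks(session_id, clicks):
    """Map integer (x, y) pixel clicks to characters; the layout is consumed on first use."""
    layout = _layouts.pop(session_id, None)
    if layout is None:
        return None  # unknown session, or this layout was already used
    chars = []
    for x, y in clicks:
        col, row = x // CELL, y // CELL
        if not (0 <= col < COLS and 0 <= row < len(layout) // COLS):
            return None  # click outside the keypad image
        chars.append(layout[row * COLS + col])
    return "".join(chars)

def enroll(pin):
    """Store a salted PBKDF2 verifier instead of the PIN itself (assumed scheme)."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def verify_pin(session_id, clicks, record):
    """Decode the clicks, then compare verifiers in constant time."""
    entered = decode_clicks(session_id, clicks)
    if entered is None:
        return False
    salt, expected = record
    actual = hashlib.pbkdf2_hmac("sha256", entered.encode(), salt, 100_000)
    return hmac.compare_digest(actual, expected)

def clicks_for(layout, pin):
    """Client-side view: the cell centres a user would click to enter `pin`."""
    cells = [layout.index(ch) for ch in pin]
    return [((i % COLS) * CELL + CELL // 2, (i // COLS) * CELL + CELL // 2) for i in cells]
```

Because `decode_clicks` removes the layout as soon as it is read, a captured list of click coordinates cannot be submitted a second time against the same session.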

Security Implications

  • Keylogger Protection: By eliminating keyboard input, Pin Code ensures keyloggers cannot capture PINs, thwarting malware-based attacks in risky environments.
  • Session-Specific Randomization: The ever-changing keypad layout prevents attackers from mapping inputs across sessions, enhancing authentication security.
  • PIN Is Not the Root Secret: The PIN is not the cryptographic key that encrypts Safe data and is not a substitute for WebAuthn access keys.
  • Brute-Force Resistance: Controlled PIN entry and throttling help block repeated guessing attempts against protected local access flows.
  • Deniability Support: PIN-based controls also support related features such as duress and deletion flows where different PIN behavior has security meaning.

Use Cases

  • High-Risk Environments: Users in malware-prone settings (e.g., public or compromised devices) can authenticate securely without exposing their PIN to keyloggers.
  • Corporate Security: Businesses can protect employee access to sensitive Safes, ensuring robust authentication even on potentially infected systems.
  • Everyday Privacy: Privacy-conscious individuals can log into their UnoLock Safe with confidence, knowing their PIN is shielded from cyber threats.

Why It Matters

Pin Code matters because UnoLock does not fall back to a normal password-centric model. WebAuthn authenticates access, client-side encryption protects data, and the PIN adds a separate barrier against brute-force attempts and coercion-related workflows.

FAQs

Can keyloggers capture my Pin Code input?

No. Pin Code uses mouse click-based input on a randomized keypad, so keyloggers cannot record your PIN because no keystrokes are involved.

Is the PIN my Safe password?

No. UnoLock does not use a normal password as the main secret for Safe access. WebAuthn access keys are the primary authentication factor, and the PIN is a separate protective control.

Is the Pin Code system easy to use for non-technical users?

Yes, the visual keypad and click-based interface are designed for simplicity, making secure authentication intuitive for all users.

How does UnoLock ensure the Pin Code remains secure during transmission?

Clicked positions are transmitted via TLS 1.3-encrypted channels and decoded server-side using the session’s unique keypad layout, protecting the PIN from exposure.

Compliance & Privacy Regulations

  • GDPR Compliance: Pin Code supports GDPR by avoiding cleartext PIN storage and using encrypted transmission, ensuring user authentication data remains private and secure.

Integration with Other Features

  • FIDO2 & Biometric Login: Complements Pin Code by providing the primary passwordless authentication model for Safe access.
  • End-to-End Encryption: Protects messaging and protected API payloads independently of the PIN.
  • Client-Side Encryption: Keeps Safe data encrypted without turning the PIN into the cryptographic root secret.
