PIN and PUK codes: Security recommendations

A code envelope with the PIN and PUK codes was given to you with your digital identity card. You cannot use the ID-card (or other digital identity cards) without them.

Your certificates, i.e. your electronic identity, are protected for as long as your PIN and PUK codes don’t fall into the wrong hands along with your card.

What happens when someone tries to guess your PINs?

If you or someone else enters the wrong PIN three times in a row, it will be locked. This protects your ID-card when someone keeps trying to guess your codes. Locked PINs can only be unlocked with the PUK code.

If you don’t know your PUK code and the PINs are locked, you must request a new code envelope with PIN and PUK codes.

You should change your PIN and PUK codes in the DigiDoc4 client immediately after you receive the new code envelope with the ID-card. The PIN and PUK codes issued to you automatically consist of a random sequence of digits and are difficult to remember, but keeping them in written format is not advisable for security reasons.

Select new PIN and PUK codes for yourself

When you select new PIN and PUK codes, you can also change their length. It’s important that the codes only consist of numbers and meet the following requirements:

  • PIN1 must consist of 4-12 digits 
  • PIN2 must consist of 5-12 digits 
  • PUK must consist of 8-12 digits 

Select codes that are easy for you to remember, but difficult for others to guess.

Don’t use number combinations that are too simple as your PINs, e.g. your date of birth or 0000, 1234, 1111 or similar. Make sure you don’t use the same code as your PIN1, PIN2 and PUK: every code should be unique!
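The rules above can be checked mechanically before you set new codes. The following is an added example, not part of the original page and not code from the DigiDoc4 client: the length limits come from the list above, while the function names and the exact tests for "too simple" codes (one repeated digit, counting sequences, date-of-birth spellings) are assumptions made for illustration.

```python
import re
from datetime import date

# Length limits as stated on this page; every code must be digits only.
LIMITS = {"PIN1": (4, 12), "PIN2": (5, 12), "PUK": (8, 12)}

def birth_date_forms(dob):
    """Common digit spellings of a date of birth (constructed list, not exhaustive)."""
    d, m = f"{dob.day:02d}", f"{dob.month:02d}"
    y, yy = f"{dob.year:04d}", f"{dob.year % 100:02d}"
    return {d + m, m + d, y, d + m + yy, yy + m + d, d + m + y, y + m + d, m + d + y}

def is_run(code):
    """True for counting sequences such as 1234 or 98765 (9 -> 0 wraps)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(code, code[1:])}
    return steps in ({1}, {9})

def check_code(kind, code, dob=None):
    """Return the problems found in one candidate code; an empty list means none."""
    low, high = LIMITS[kind]
    if not re.fullmatch(r"[0-9]+", code):
        return [f"{kind}: must consist of digits only"]
    problems = []
    if not low <= len(code) <= high:
        problems.append(f"{kind}: must consist of {low}-{high} digits")
    if len(set(code)) == 1:
        problems.append(f"{kind}: one repeated digit")
    if is_run(code):
        problems.append(f"{kind}: simple counting sequence")
    # Conservative: flags the code if any date spelling appears anywhere in it.
    if dob and any(form in code for form in birth_date_forms(dob)):
        problems.append(f"{kind}: contains date of birth")
    return problems

def check_set(codes, dob=None):
    """Check PIN1, PIN2 and PUK together, including that all three differ."""
    problems = [p for kind in LIMITS for p in check_code(kind, codes[kind], dob)]
    if len(set(codes.values())) < len(codes):
        problems.append("PIN1, PIN2 and PUK must all be different")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real codes.
    sample = {"PIN1": "1234", "PIN2": "11111", "PUK": "24051990"}
    for problem in check_set(sample, dob=date(1990, 5, 24)):
        print(problem)
```

Run such a check only on a device you trust, and do not save the candidate codes to a file.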

Never share your PIN or PUK codes with others, even your family members. Even if they deserve your trust, they may accidentally get your codes locked, change them ‘for the sake of convenience’ or make them accessible by writing them down ‘just in case’.

However, if you still want to write down your PIN and PUK codes:

If you feel that writing down your PINs and PUK would be safer for you, make sure you do it in such a way that they cannot be easily used against you.

Don’t keep them near your card, e.g. in your wallet, near your computer, under the keyboard, attached to your phone or in your phone notes marked as “PINs”.

Mask your codes – find the system that works best for you. For example, you can mask them as phone numbers and add them to your contacts list under a made-up name; change them into geographic coordinates or account numbers, hide them in another long sequence of numbers, etc.