Introduction to the PIN
The PIN is a sequence of digits set during the initialization of the OneKey hardware wallet to prevent unauthorized access. It functions similarly to a bank card password and should be known only to you.
Many users worry that if their PIN is not highly complex, the device might be easier to crack. In reality, the security of a hardware wallet does not depend solely on the length of the PIN; it also depends on the device's inherent security mechanisms, its limit on incorrect entries, and whether the user keeps the device properly secured.
PIN Protection Mechanism
In the latest firmware versions, the OneKey PIN design is as follows:
OneKey Classic series: Supports a PIN of 6 to 9 digits
OneKey Pro / Touch: Supports a PIN of 6 to 50 digits
If someone else obtains your device, they cannot directly access the assets within. The device limits incorrect entries: after a certain number of consecutive failed PIN attempts, it automatically wipes its data and resets.
In the latest firmware, 5 consecutive incorrect PIN entries will trigger a device reset. The purpose of this mechanism is to significantly increase the cost of a brute-force attack.
The Probability of a Single PIN Collision Is Very Low
Even with just a simple PIN, the probability of it being guessed randomly remains extremely low.
Taking a 6-digit PIN as an example, there are theoretically 1,000,000 combinations. If an attacker only has 5 attempts, the probability of a successful random guess is approximately 5 / 1,000,000, which is about 0.0005%.
If a longer PIN is used, the number of theoretical combinations increases further, and the probability of a successful guess becomes even lower. Therefore, in real-world scenarios, the possibility of a PIN being cracked by brute force is extremely low.
Balancing Security and Usability
If a PIN is set to be overly complex, the effort required for daily use increases significantly, which can negatively impact the user experience.
For hardware wallets, a solution that is sufficiently secure and also convenient to use correctly is generally better suited to long-term use than one that is "theoretically stronger but burdensome to use."
The goal of security design is not just to raise the theoretical barrier, but more importantly, to enable users to use the device consistently, stably, and correctly in the long run.
Setting a More Secure PIN
It is recommended to choose a PIN that is easy for you to remember but difficult for others to guess. At the same time, please try to avoid the following types of PINs:
Overly simple digit combinations, such as 1234
Numbers strongly related to personal information, such as birthdays
Repeating digits or sequential numbers
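The checks in the list above, together with the 5-attempt arithmetic from the previous section, written out as an added Python example (not OneKey code or firmware logic). The model labels, the function names, and the set of birthday date formats are assumptions made for illustration.

```python
from datetime import date
from fractions import Fraction

# PIN length ranges stated on this page; the model keys are assumed labels.
PIN_LENGTHS = {"classic": (6, 9), "pro_touch": (6, 50)}
MAX_ATTEMPTS = 5  # consecutive wrong entries before the device resets (from this page)


def guess_probability(length, attempts=MAX_ATTEMPTS):
    """Chance that `attempts` distinct random guesses hit a uniformly chosen PIN."""
    return Fraction(min(attempts, 10 ** length), 10 ** length)


def is_sequential(pin):
    """True if every digit steps by +1, or every digit by -1 (123456, 987654)."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})


def is_repeating(pin):
    """True if the PIN is one short block repeated (111111, 121212, 123123)."""
    return any(len(pin) % n == 0 and pin[:n] * (len(pin) // n) == pin
               for n in range(1, len(pin) // 2 + 1))


def birthday_forms(d):
    """Common digit renderings of a date; this format list is an assumption."""
    formats = ("%Y%m%d", "%d%m%Y", "%m%d%Y", "%y%m%d", "%d%m%y", "%m%d%y")
    return {d.strftime(f) for f in formats}


def pin_weaknesses(pin, model="classic", birthday=None):
    """Return the reasons a candidate PIN falls under the 'avoid' list above."""
    low, high = PIN_LENGTHS[model]
    if not (pin.isascii() and pin.isdigit() and low <= len(pin) <= high):
        return [f"must be {low}-{high} digits for {model}"]
    reasons = []
    if is_repeating(pin):
        reasons.append("repeating digits")
    if is_sequential(pin):
        reasons.append("sequential digits")
    if birthday and any(form in pin for form in birthday_forms(birthday)):
        reasons.append("contains birthday")
    return reasons
```

An empty list from pin_weaknesses means only that none of these listed patterns matched; it does not measure how guessable the PIN is to someone who knows you.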
Proper Habits for Use
Keep the device in a secure place where it cannot be touched by others.
Do not tell your PIN to anyone.
Pay attention to your surroundings when entering your PIN; in public places or when others are present, shield the keypad or screen so that your input cannot be observed.
Do not sacrifice security for "convenience." A PIN that you can remember but that remains hard for others to guess is more conducive to long-term secure use.
Handling a Forgotten PIN
The PIN is independent of your wallet recovery phrase. If you forget your PIN, as long as you have safely stored your recovery phrase, you can reset the device, restore your wallet using the recovery phrase, and set a new PIN during the recovery process.
Risk Control After Device Loss
If your OneKey device is lost, there is no need to panic. Even if someone gains physical access to the device, they are still limited by the PIN and the device's protection mechanisms, meaning they cannot immediately access your assets.
You generally have time to transfer your funds to a new, secure wallet.
