PIN and Password Security

Security precautions for PINs and passwords are as follows:

1. PINs and passwords should not be written down.

2. If PINs or passwords are written down, they must be stored securely and separately from the Smartcards that they protect.

3. It must not be possible for any one authorised individual to gain access to more than one PIN or password.

4. Obvious values must not be used, e.g. “1234”.

5. If a previously authorised individual becomes unauthorised, their PINs/passwords must be changed as part of a handover procedure.

6. If a PIN is compromised, it must be invalidated.