2.5 Do not require users to remember a fixed supplied PIN

If access to the device or service requires using a PIN, do not require users to remember one that has been supplied to them but not chosen by them.

Rationale

In Europe, over 25 million people have dyslexia to the extent that they cannot reliably remember and use a four-digit PIN unless they can choose their own number.

In addition, people with intellectual impairment may have a problem keeping the number secret, so a biometric identification method would be more suitable for them.

Directions and Techniques

Allow the user to select their own PIN

Either allow the user to make up a PIN when they register or, if one is supplied to them, allow them to change it at any time, or at least the first time they use the device or service.
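One way a service could support a supplied PIN that the user may replace on first use or at any later time, as an added example that is not part of the original guideline. The class name PinCredential, the four-digit length and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor, not taken from the guideline


def _derive(pin: str, salt: bytes) -> bytes:
    # Store a salted, slow hash so the PIN itself is never kept.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)


class PinCredential:
    """One user's PIN verifier; the PIN may be issuer-supplied or user-chosen."""

    def __init__(self, pin: str, supplied: bool):
        self.supplied = supplied  # True while the issuer's PIN is still in use
        self._set(pin)

    def _set(self, pin: str) -> None:
        # Validate before touching stored state, so a rejected PIN changes nothing.
        if not (pin.isascii() and pin.isdigit() and len(pin) == 4):
            raise ValueError("PIN must be exactly four digits")
        self._salt = os.urandom(16)
        self._hash = _derive(pin, self._salt)

    def verify(self, pin: str) -> bool:
        # Constant-time comparison of the derived values.
        return hmac.compare_digest(_derive(pin, self._salt), self._hash)

    def change(self, current: str, new: str) -> bool:
        # Offered on every use, including the first; only the current PIN is needed.
        if not self.verify(current):
            return False
        self._set(new)
        self.supplied = False  # the user now holds a number they chose
        return True
```
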

Provide an alternative access method

Consider providing an alternative access security mechanism, such as biometric identification, for users who find PINs difficult to remember.

How you could check for this:

There are no specific test methods recommended for this guideline.