Why is there no PIN?
For the Sesame solution, we have decided to avoid asking a PIN before
giving the confirmation codes. This is why.
We wanted Sesame to be add-on security, but without making it unpleasant to
use. We could have added a PIN on the cards, but that would have made the
solution harder to use.
This simplification is very mild. A service requiring Sesame codes can demand
that additional data be provided, for example normal account access before the
codes can be used, or an additional field requesting a PIN. We advise this
course of action.
The Sesame solution is the simplest way to add hardware to a solution. It
is hardware that must be physically used to generate the proper code
sequence, and the cards protect their internally kept secrets very well to
avoid copying of the hardware.
In other words, Sesame makes it possible to demand physical control over
a bit of hardware, but it does not replace an existing security solution.
This is practical because the existing solution is usually well-integrated,
because people are already accustomed to it, and quite simply because it
already works.
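The advice above, that a service should accept Sesame codes only on top of normal account access and may add its own PIN field, can be shown as a server-side check. This is an added example and not Sesame's own code: the account data is constructed, and the HMAC-over-counter code derivation is an assumption, since the page does not describe how the real card generates its codes.

```python
import hashlib
import hmac

# Constructed demo account. The HMAC-over-counter scheme in sesame_code() is an
# assumption for this example; the page does not describe the real card's codes.
ACCOUNTS = {
    "alice": {
        "pw_hash": hashlib.sha256(b"correct horse").digest(),  # demo only; use a slow salted hash
        "pin": "4711",  # PIN lives in the service, not on the card
        "card_secret": bytes.fromhex("00112233445566778899aabbccddeeff"),
        "counter": 0,  # next card code the service expects
    }
}


def sesame_code(secret: bytes, counter: int) -> str:
    """Hypothetical card: 6-digit code from HMAC-SHA256(secret, counter)."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


def verify_login(user: str, password: str, code: str, pin=None,
                 require_pin: bool = True, window: int = 5) -> bool:
    """Accept a card code only after the existing login succeeds (and a PIN, if required)."""
    acct = ACCOUNTS.get(user)
    if acct is None:
        return False
    # 1. The existing security solution comes first; the card does not replace it.
    given = hashlib.sha256(password.encode()).digest()
    if not hmac.compare_digest(given, acct["pw_hash"]):
        return False
    # 2. Optional PIN field supplied by the service, since the card has no PIN.
    if require_pin and (pin is None or not hmac.compare_digest(pin, acct["pin"])):
        return False
    # 3. Card code: single-use, with a small look-ahead window for skipped presses.
    for c in range(acct["counter"], acct["counter"] + window):
        if hmac.compare_digest(code, sesame_code(acct["card_secret"], c)):
            acct["counter"] = c + 1  # consume this code and any earlier ones
            return True
    return False
```

A code presented without the account password is rejected before it is even checked, so holding the card alone grants nothing, and a code that has been accepted once is refused on replay.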
Posted on Fri, 28 Apr 2006, 11:37.