authentication – Security of the PIN code that says the words?


PayPal suggests that generating a PIN code by spelling words (on a numeric keypad, for example, (ABC) = 2) is a good method of security and memorization, for example, B-L-U-E-C-O-W = 2583269.

My knowledge of password security is limited and I did not find any information about it. Although these PIN codes are not completely random, it seems to me that they should be (depending on the words) fairly secure †, at least for what the PIN codes usually protect (only 4 to 8 digits) and with d & Other measures of such limited attempts.

† I just realized that 0 and 1 are not mapped to letters, so they may have to be inserted at random.

  1. Can we say anything directly about the security of the PIN codes that
    words?

  2. Has there been any research or attack on these types of PINs?