OK, Wii Fit isn’t exactly the most critical application out there, so it’s not too much of a worry if things aren’t locked down completely. However, the security methodology used is just so utterly pathetic that it’s simply disconcerting that it was permitted.
In Wii Fit, you have the option of setting a password for your character and information in order to protect your daily progress. It uses a four-digit PIN, which, while not very strong, is passable for this situation. What’s not passable, however, is what happens if you fail to enter it correctly in three attempts.
After three failed logins, you are prompted to enter your height. At first I thought this was a measure to confirm you are who you say you are, with a lockout if you guessed wrong. What actually happens if you guess wrong is that you can just keep trying.
What happens if you get it right? It logs you in, and you can then change the password without knowing the original.
Given a person between 5’0 and 7’0, that’s a mere 24 combinations; you could brute-force that in 5 minutes.
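To make the design flaw concrete, here is a toy model of the flow the post describes, added as an illustration and not Nintendo’s code: the PIN is limited to three attempts, but the height fallback is not, so the fallback becomes the real secret. The height range (whole inches, 5’0 through 6’11, 24 values) and the attempt limit are assumptions; the `limit_recovery` flag shows the obvious fix of counting fallback failures toward the same lockout.

```python
from dataclasses import dataclass
from typing import Optional

# Assumptions of this model, not facts from the post: three PIN attempts,
# heights entered in whole inches from 5'0 up to (not including) 7'0.
MAX_ATTEMPTS = 3
HEIGHTS_IN_INCHES = range(60, 84)  # constructed: 24 candidate answers


@dataclass
class Profile:
    pin: str
    height_in: int
    limit_recovery: bool  # False reproduces the behaviour the post describes
    pin_failures: int = 0
    recovery_failures: int = 0
    locked: bool = False

    def try_pin(self, guess: str) -> bool:
        """Primary login: correct PIN succeeds, failures are counted."""
        if self.locked:
            return False
        if guess == self.pin:
            self.pin_failures = 0
            return True
        self.pin_failures += 1
        return False

    def recovery_available(self) -> bool:
        """The height prompt only appears after MAX_ATTEMPTS PIN failures."""
        return self.pin_failures >= MAX_ATTEMPTS and not self.locked

    def try_height(self, guess: int) -> bool:
        """Fallback question. A correct answer lets the caller reset the PIN."""
        if not self.recovery_available():
            return False
        if guess == self.height_in:
            return True
        self.recovery_failures += 1
        # Hardened variant: the fallback shares the primary lockout budget.
        if self.limit_recovery and self.recovery_failures >= MAX_ATTEMPTS:
            self.locked = True
        return False


def guesses_to_reset(profile: Profile) -> Optional[int]:
    """How many fallback answers are needed to open a profile without its PIN.

    Returns the guess count on success, or None if the profile locks first.
    Three deliberately wrong PIN entries are used to reach the height prompt.
    """
    for wrong in ("0000", "0001", "0002"):  # constructed; assumed not the PIN
        profile.try_pin(wrong)
    for count, height in enumerate(HEIGHTS_IN_INCHES, start=1):
        if profile.try_height(height):
            return count
        if profile.locked:
            return None
    return None
```

With the fallback unlimited, every profile opens within 24 answers regardless of the PIN; with `limit_recovery=True` it locks after three wrong heights, so the question no longer undercuts the PIN.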
If you’re going to add the feature to the game, at least give it the slightest bit of consideration.