What are the actual reasons behind splitting what seems to be just a simple username into separate pin and keyword?
Related: Is the password also a part of what’s used to create the hash to look up my record? I saw @Seneca mention that in a thread long ago, but I’m not quite sure it is correct (or that it is still correct.)
PIN+Keyword is used to identify your details
PIN+PASSWORD is used for the crypto to secure you details.
If they do not match up then nothing is retrieved.
You can keep same name/password and have separate accounts if different PINS and examining the traffic cannot tell that the usernames are the same. (password doesn’t need to be the same if use different pins)
David did mention that you can have an account to “give to the authorities” that is different to normal, but is the same username/password as normal. Thus a whistle blower can keep his/her real account safe.
(Please forgive me if there is a mistake in that. I looked for the post that explained it better but cannot find it at the moment)
Is there any official documentation that explains this clearly? It seems to be a point of confusion for new people.