I am generating a list of pins to protect access to an online course
registration system. Right now the system is protected by a 6 digit PIN
number. But with a large number of active pins sitting in my database, each
representing "authenticated access" to a particular product, I'm wondreing what
the security risk is of using a 6 digit numeric pin for providing access? Or
should I increase the security by protecting each product with an 8 digit
alphanumeric pin?

If I decided to use a 6 digit numeric pin, the having lower numbers (E.g. 400)
of active pins in the database, and refilling the database frequently seems
more secure then say adding 4000 pins, which makes trying to hack the system by
matching an active pin easier.

I guess it would still be pretty hard to find a pin match with 4000 pins using
6 digit numeric. Or should I use an 8 digit numeric?

Hrmmm, your thoughts and comments are appreciated. I would like to know
about any best practices or standard measures of security for this kind of
application. The risk is if someone hacks the system and discovers a pin,
he/she could possibly register for a course costing hundreds or thousands of
dollars. I know that a counter measure is to compare the registration with the
payment receipt, but I would like as much security at the Login as I can get
away with, without causing a hassle to the end user.

Screen shot of the login page (coded in Cold Fusion) is here:
[url]http://gallery.photo.net/photo/3177449-lg.jpg[/url]