Why We Built PIN-Based Cashier Switching (and What It Means for Accountability)
Email-password login for cashiers isn't realistic in the field. We built a 4-digit PIN system that makes switching cashiers take 2 seconds — without sacrificing accountability.
The Problem We Kept Hearing
When we started talking to cafe owners about POS systems, one thing came up repeatedly: switching between cashiers was a hassle. Logging out of one account, logging into another — email, password, sometimes forgotten passwords, sometimes typos. During rush hour, this could eat up 30 seconds to a minute.
30 seconds doesn't sound like much. But if you've ever stood in a line that isn't moving because the cashier is staring at a login screen, you know it feels like forever.
What's worse: because logging in was such a pain, many cafes just stopped switching accounts altogether. Everyone used the same login. And that's where accountability disappeared.
Why Not Email-Password?
Email-password is the industry standard for authentication. And for admin panels, dashboards, or remote access — it still makes sense. You need a strong security layer because the access point could be anywhere.
But a cashier is standing in front of a device that's inside your shop. They're not logging in from the cafe next door or from home. The physical context is already constrained — only people who are at the location can touch that device.
In this context, email-password is overkill that backfires. It's too secure for the use case, to the point where people bypass the security entirely (sharing one account).
4-Digit PIN: The Sweet Spot Between Speed and Security
We decided on a 4-digit PIN for cashier switching. Here's why:
- Fast. A 4-digit code takes 1-2 seconds to enter. No keyboard popping up, no text field, no "forgot password." A numpad appears, you type your PIN, you're in.
- Easy to remember. Each cashier picks their own PIN. Four digits is simple enough to remember, even for staff who aren't tech-savvy.
- Secure enough for the context. PINs are hashed with bcrypt in the database — so even we as developers can't see anyone's PIN. And since access is limited to the physical device at the shop, four digits is sufficient to identify who's operating the register.
We know 4 digits isn't as strong as a 16-character password. But we're not trying to stop internet hackers — we're trying to make sure every transaction can be traced to the right person. For that, a PIN is enough.
What Changed After PIN Switching
Shift handoffs became instant. Cashier A finishes, cashier B taps their PIN — live immediately. No downtime, no customers waiting for a login screen. The operational flow becomes seamless.
Every transaction has a name. Every order, every void, every discount — recorded under the cashier who did it. Not some anonymous "store account," but "Rina" or "Budi."
Shift reports became meaningful. Because each cashier has their own identity, shift reports can be broken down per person. You can see who handled how many transactions, whose cash discrepancy was smallest, who had the most voids.
People stopped sharing accounts. This is the most impactful change. When switching cashiers is as fast as tapping a PIN, the excuse "logging in is too annoying" disappears. People naturally use their own accounts because it's easier than not using them.
Some Technical Details You Might Find Interesting
A few technical decisions we made along the way:
- PINs are hashed, not stored in plain text. We use bcrypt — the same library used for passwords. Your cashier's PIN is secure even from us.
- Managers can reset PINs. If a cashier forgets their PIN, no need to call support. A manager can set a new one directly from the admin panel.
- Custom numpad for PIN entry. We didn't use the device's standard keyboard that pops up and pushes content around. We built a custom numpad that's integrated into the UI — fixed on screen, no layout shifts.
- Non-intrusive lock screen. After idle time, the screen locks but doesn't exit the POS. The cashier just taps their PIN to unlock — no need to re-navigate to where they were.
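A sketch of how PIN switching, hashed storage, manager reset and per-cashier attribution can fit together, added here as an example and not taken from our production code. It assumes the PIN alone selects the cashier, uses PBKDF2 from the Python standard library as a stand-in for bcrypt so it runs without extra packages, and adds a per-device failed-attempt limit that is an assumption of this example; `PinRegister`, `manager_unlock` and the sample PINs are hypothetical.

```python
import hashlib, hmac, os

ITERATIONS = 100_000   # assumed work factor for the stand-in KDF
MAX_FAILURES = 5       # assumed per-device guess limit (not from the article)

class PinRegister:
    """One POS device: maps a 4-digit PIN to a cashier and attributes actions."""
    def __init__(self):
        self.cashiers = {}   # name -> (salt, digest); the PIN itself is never kept
        self.failures = 0    # consecutive wrong PINs on this device
        self.active = None   # cashier currently operating the register
        self.audit = []      # (cashier, action) records

    @staticmethod
    def _hash(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)

    def _match(self, pin):
        # Salted hashes cannot be looked up by value: test each cashier in turn.
        for name, (salt, digest) in self.cashiers.items():
            if hmac.compare_digest(self._hash(pin, salt), digest):
                return name
        return None

    def set_pin(self, name, pin):
        """Enrolment or manager reset; the PIN must be unique on this device."""
        if not (len(pin) == 4 and pin.isascii() and pin.isdigit()):
            raise ValueError("PIN must be exactly 4 digits")
        if self._match(pin) not in (None, name):
            raise ValueError("PIN unavailable")
        salt = os.urandom(16)
        self.cashiers[name] = (salt, self._hash(pin, salt))

    def switch(self, pin):
        """Return the cashier the PIN belongs to, or None (wrong PIN or locked)."""
        if self.failures >= MAX_FAILURES:
            return None                  # stays locked until manager_unlock()
        name = self._match(pin)
        self.failures = 0 if name else self.failures + 1
        if name:
            self.active = name
        return name

    def manager_unlock(self):
        self.failures = 0

    def record(self, action):
        """Attribute an order, void or discount to the active cashier."""
        if self.active is None:
            raise PermissionError("no cashier is signed in")
        self.audit.append((self.active, action))
```

Because salted hashes cannot be indexed, switching and the uniqueness check each cost one hash per enrolled cashier, which is negligible for a shop-sized staff list. With only 10,000 possible PINs, the attempt limit is what bounds guessing at the device, while the hash keeps PINs from being read directly out of the database.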
What We Heard from the Field
From conversations with cafe owners using this system, one theme is consistent: they're surprised by how much impact such a small change has.
"My cashiers used to share one account. Now everyone uses their own PIN and they actually prefer it — because when there's a discrepancy, they can prove it wasn't them."
That insight comes up often. Accountability isn't just a tool for owners to monitor — it's also protection for honest cashiers. They have data proving their work was done right.
What This Taught Us
PIN-based switching taught us something important about product design: security that's too strong for its context doesn't make people safer — it makes them bypass security entirely.
A right-sized solution — one that matches its context of use — is always more effective than a technically superior solution that isn't practical in the field.
When you're building something for people who stand 8 hours a day behind a counter, your solution needs to be as realistic and as fast as their work. Not slower.