Why We Built PIN-Based Cashier Switching (Instead of Individual Logins)
In small cafes, 2-3 people take turns at the register in a single shift. Logging out and back in with email and password every time? Not realistic. Here's why we chose a 4-digit PIN.
The Problem We Saw
In most small Indonesian cafes, the cashier isn't one person standing at the register from open to close. What actually happens: person A works the morning, person B takes over when A goes on break, person C comes in for the afternoon. Sometimes the owner jumps on the register during rush hour.
With a POS that uses traditional login (email + password), every cashier switch means:
- Log out of person A's account
- Enter person B's email
- Enter person B's password
- Wait for loading
- Start taking orders
This takes 20-30 seconds — and during rush hour, that's an eternity. But the bigger problem isn't speed: cashiers in small cafes often don't have their own email address. Or they have one but never check it. Or they forgot the password.
A login system designed for office workers doesn't fit a cafe cashier who may have just finished high school and has never used email for work.
Why Not a Shared Account?
The most common workaround in many POS systems: one shared account. All cashiers use the same login, no differentiation.
This is simple, but creates new problems:
- No way to track who did what. If there's a cash discrepancy at the end of a shift, who's responsible? No way to know
- No accountability. If every transaction is recorded under "Cashier", nobody feels responsible for accuracy
- No per-cashier performance data. Who's fastest? Who makes the most input errors? The owner has no data
So we needed something as fast as a shared account but still tracking individuals.
The Solution: 4-Digit PIN
We chose a 4-digit PIN because it's the sweet spot between speed and accountability:
- Fast. Type 4 numbers, hit enter, done. Total time: 2-3 seconds. Compare that to 20-30 seconds for a traditional login
- No email required. Each cashier just needs to remember 4 digits. No one needs to create an email account or remember a complex password
- Still tracked. Every transaction is recorded under the cashier whose PIN was used. Per-cashier reports are clear
- Easy for owners to manage. The owner can create a new PIN for a new cashier, or reset a forgotten PIN, directly from settings. No email invitations needed
The Common Question: "Isn't a 4-Digit PIN Insecure?"
A fair question. And the answer is: it depends on what you're securing.
A cashier PIN isn't protecting sensitive data or bank-level financial transactions. Its function is cashier identification: who's currently at the register. The threat model isn't external hackers; the goal is to know which cashier made a mistake so you can train them better.
For this context, a 4-digit PIN is more than sufficient. And when you compare it to the real-world alternative — which is "no login at all because it's too cumbersome" — a 4-digit PIN is a massive security improvement.
For admin access, settings, and financial reports, we still use Devise authentication (email + password) with optional 2FA. PIN is only for cashier switching on the POS screen — different security layers for different needs.
How It Works in CrescendPOS
The flow in practice:
- POS shows the PIN screen (large numpad, optimized for tablets)
- Cashier enters their 4-digit PIN
- POS immediately switches to that cashier's session — menu ready, fresh cart, identity recorded
- When the next shift starts, the next cashier just enters their PIN — no need to log out the previous one
Importantly: a PIN switch doesn't delete any data. Orders being processed continue as normal. The only thing that changes is which cashier is recorded for the next transaction.
Design Details We Thought About
Some small design decisions that turned out to have a big impact:
- Large numpad buttons. PIN buttons are designed to be large so there's no mis-tap on a 10-inch tablet. Fingers wet from making coffee? Still accurate
- No hint about whose PIN was wrong. If a PIN is incorrect, the error message is generic: "Wrong PIN." Not "Wrong PIN for Cashier A." A failed attempt gives no hint that would help someone guess another cashier's PIN
- Auto-lock after idle. If the POS is left unattended for a few minutes, the screen returns to the PIN screen. If the cashier forgets to lock, the system does it for them
- PINs are hashed. PINs are stored in the database as bcrypt hashes — same as passwords. Nobody can see the actual PIN, including us
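The switching flow and the design details above (generic error, idle auto-lock, hashed PINs) can be sketched as follows. This is an added example, not CrescendPOS code: the class and method names, the 180-second idle limit and the rule that a PIN alone identifies the cashier are assumptions, and PBKDF2 from Ruby's standard library stands in for bcrypt.

```ruby
require "openssl"
require "securerandom"

# Added example. PBKDF2 (Ruby stdlib) stands in for bcrypt so it runs without gems.
class PinRegister
  IDLE_LIMIT = 180    # seconds since last PIN entry; assumed "a few minutes"
  ITERATIONS = 2_000  # low so the example runs quickly; not a production setting
  PIN_FORMAT = /\A\d{4}\z/

  def initialize(clock: -> { Time.now.to_f })
    @cashiers = {}    # name => [salt, digest]; the PIN itself is never stored
    @clock = clock
    @current, @last_seen = nil, 0.0
  end

  # Owner-side setup. Assumption: the PIN alone identifies the cashier,
  # so two cashiers in one store cannot share a PIN.
  def add_cashier(name, pin)
    raise ArgumentError, "PIN must be 4 digits" unless PIN_FORMAT.match?(pin)
    raise ArgumentError, "PIN not available" if find_by_pin(pin)
    salt = SecureRandom.bytes(16)
    @cashiers[name] = [salt, digest(pin, salt)]
  end

  # Register-side switch: :ok, or one generic message for every failure.
  def switch(pin)
    name = PIN_FORMAT.match?(pin.to_s) ? find_by_pin(pin.to_s) : nil
    return "Wrong PIN" unless name
    @current = name
    @last_seen = @clock.call
    :ok
  end

  # Cashier to record on the next transaction; nil means show the PIN screen.
  def active_cashier
    @current = nil if @current && @clock.call - @last_seen > IDLE_LIMIT
    @current
  end

  private
  def digest(pin, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(pin, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end

  # Salts differ per cashier, so the typed PIN is hashed against each record.
  def find_by_pin(pin)
    @cashiers.find { |_, (salt, stored)| digest(pin, salt) == stored }&.first
  end
end
```

With only 10,000 possible PINs, the stored hash keeps PINs out of casual view but cannot resist exhaustive guessing, so access to the table itself still needs protecting.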
Why This Matters for Small Cafes
The PIN switching feature might look simple — and that's exactly the point. For large cafes with enterprise systems, this might not seem like a big deal. But for small Indonesian cafes where:
- Cashiers switch 2-3 times a day
- The owner often jumps on the register
- Staff may not be tech-savvy
- Speed of switching matters because customers won't wait
The difference between a 30-second login and a 3-second PIN isn't just about seconds — it's about whether cashiers actually bother to log in or skip it because it's too cumbersome. And if they skip, you lose all tracking data.
The best design isn't the most sophisticated — it's the one most likely to be consistently used by the people who actually use it.