diff --git a/ChangeLog b/ChangeLog
index dc9a9dc..920f8c1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2010-10-28  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/gnuk.h (OPENPGP_CARD_INITIAL_PW3): New.
+	* src/ac.c (verify_admin_0): Use OPENPGP_CARD_INITIAL_PW3.
+
 2010-10-23  NIIBE Yutaka  <gniibe@fsij.org>
 
 	* Version 0.3.
diff --git a/src/ac.c b/src/ac.c
index 8f39747..3f10fa4 100644
--- a/src/ac.c
+++ b/src/ac.c
@@ -191,10 +191,11 @@ verify_admin_0 (const uint8_t *pw, int buf_len, int pw_len_known)
 	}
     }
   else
-    /* For empty PW3, pass phrase should be "12345678" */
+    /* For empty PW3, pass phrase should be OPENPGP_CARD_INITIAL_PW3 */
     {
-      if ((pw_len_known >=0 && pw_len_known != 8)
-	  || buf_len < 8 || strncmp ((const char *)pw, "12345678", 8) != 0)
+      if ((pw_len_known >=0 && pw_len_known != strlen (OPENPGP_CARD_INITIAL_PW3))
+	  || buf_len < strlen (OPENPGP_CARD_INITIAL_PW3)
+	  || strncmp ((const char *)pw, OPENPGP_CARD_INITIAL_PW3, 8) != 0)
 	/* It is failure, but we don't try to lock for the case of empty PW3 */
 	return -1;
 
diff --git a/src/gnuk.h b/src/gnuk.h
index 7cdc30d..d021eec 100644
--- a/src/gnuk.h
+++ b/src/gnuk.h
@@ -219,6 +219,12 @@ extern void set_led (int);
 
 extern uint8_t pw1_keystring[KEYSTRING_SIZE_PW1];
 
+#if !defined(OPENPGP_CARD_INITIAL_PW1)
 #define OPENPGP_CARD_INITIAL_PW1 "123456"
+#endif
+
+#if !defined(OPENPGP_CARD_INITIAL_PW3)
+#define OPENPGP_CARD_INITIAL_PW3 "12345678"
+#endif
 
 const uint8_t openpgpcard_aid[17] __attribute__ ((aligned (1)));