Cracking Your PIN Code: Easy as 1-2-3-4
PUBLIC SERVICE, 24 Sep 2012
If you lost your ATM card on the street, how easy would it be for someone to correctly guess your PIN and proceed to clean out your savings account? Not long, according to data scientist, Nick Berry, founder of Data Genetics, a Seattle technology consultancy.
Berry analyzed passwords previously from released and exposed password tables and security breaches and filtered the results to just those that were exactly four digits long [0-9]. There are 10,000 possible combinations that the digits 0-9 can be arranged to form a four-digit code. Berry analyzed those to find which are the least and most predictable. He speculates that if users select a four-digit password for an online account or other web site, it’s not a stretch to use the same number for their four-digit bank PIN codes.
What he found, he says, was a “staggering lack of imagination” when it comes to selecting passwords. Nearly 11% of the 3.4 million four-digit passwords he analyzed are 1234. The second most popular PIN in is 1111 (6% of passwords), followed by 0000 (2%). (Last year SplashData compiled a list of the most common numerical and word-based passwords and found that the “password” and “123456” topped the list.)
Berry says that a whopping 26.83% of all passwords could be guessed by attempting just 20 combinations of four-digit numbers (see first table). “It’s amazing how predictable people are,” he says.
We don’t like hard-to-remember numbers and “no one thinks their wallet will get stolen,” Berry says.
Days, months, years
Many of the commonly used passwords are, of course, dates: birthdays, anniversaries, the year you were born, etc. Indeed, using a year, starting with 19__ helps people remember their code, but it also increases its predictability, Berry says. His analysis shows that every single 19__ combination be found in the top 20% of the dataset.
“People use years, date of birth — it’s a monumentally stupid thing to do because if you lose your wallet, your driver’s license is in there. If someone finds it, they’ve got the date of birth on there. At least use a parent’s date of birth [as a password],” says Berry.
Somewhat intriguing was #22 on the most common password list: 2580. It seems random, but if you look at a telephone keypad (or ATM keypad) you’ll see those numbers are straight down the middle — yet another sign we’re uncreative and lazy password makers.
The least predictable password
The least-used PIN is 8068, Berry found, with just 25 occurrences in the 3.4 million set, which equates to 0.000744%. (See the second table for the least popular passwords.) Why this set of numbers? Berry guesses, “It’s not repeating pattern, it’s not a birthday, it’s not the year Columbus discovered America, it’s not 1776.” At a certain point, these numbers at the bottom of the list are all kind of “the lowest of the low, they’re all noise,” he says.
A few other interesting tidbits from Berry:
-The most popular PIN code (1234) is more popular than the lowest 4,200 codes combined.
– People have even less imagination in choosing five-digit passwords — 28% use 12345.
– The fourth most popular seven-digit password is 8675309, the Tommy Tutone song.
-People love using couplets for their PINs: 4545, 1313, etc. And for some reason, they don’t like using pairs of numbers that have larger numerical gaps between them. Combinations like 45 and 67 occur much more frequently than 29 and 37.
– The 17th-most common 10-digit password is 3141592654 (for you non-math nerds, those are the first digits of Pi).
DISCLAIMER: The statements, views and opinions expressed in pieces republished here are solely those of the authors and do not necessarily represent those of TMS. In accordance with title 17 U.S.C. section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. TMS has no affiliation whatsoever with the originator of this article nor is TMS endorsed or sponsored by the originator. “GO TO ORIGINAL” links are provided as a convenience to our readers and allow for verification of authenticity. However, as originating pages are often updated by their originating host sites, the versions posted may not match the versions our readers view when clicking the “GO TO ORIGINAL” links. This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond ‘fair use’, you must obtain permission from the copyright owner.
Click here to go to the current weekly digest or pick another article: