By Melanie Pinola, Lifehacker – September 19, 2012 at 12:00PM
Tech consultancy company DataGenetics has analyzed the popularity of numeric passwords. What they found confirms previous research that most of our four-digit PINs (e.g., for credit and debit cards) are way too predictable. Check if yours is one of those mentioned in their report.
The data analysed came from exposed password databases. DataGenetics filtered the results to just those that were exactly four digits long [0-9] and found nearly 3.4 million four-digit passwords. These are used as a proxy for users’ four-digit PIN codes. There are 10,000 possible combinations of digits from 0000 through 9999, and each of those was represented in the dataset.
So out of the 10,000 possible combinations for four-digit codes, which is the most popular? You guessed it: 1234. An alarming ~11% of the 3.4 million passwords are 1234.
The top 20 passwords account for nearly 27% of the total.
Looking at the list at right, you’ll see that the numbers are all familiar, easily predictable patterns, such as 0000, 4321, and 1010.
If you’re using the keypad to make a PIN pattern (e.g., 2580 going straight down), chances are hackers can guess that quickly too.
Other high-frequency PINs are years and dates (e.g., MMDD).
Expanding the analysis to all-numeric passwords (not just four-digit ones), guess which are the most popular? Yup, 12345 for 5 digits, 123456 for 6 digits, and so on. (Ranked at #17 for the ten-digit password is 3141592654—the first digits of Pi, so that’s at least a little more imaginative.)
What about the least popular PINs? At the bottom at #10,000 is 8068—but that’s not a great idea for your new PIN now that it’s been exposed. The twenty least popular PINs don’t appear to have any predictability.
The moral of the story, as with every password topic, is that we’re pretty bad at choosing truly random passwords and PINs. In the case of your credit or debit card PIN, having one that’s too common would obviously be an issue if a thief steals or finds your wallet, but ATM card skimming also means thieves don’t need your physical card to get into your bank account.
If your PIN is too predictable or popular, see our article on PIN security and how to come up with new numbers that are more secure.
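The patterns named above (repeated digits, sequences, repeated pairs, the 2580 keypad column, years, and MMDD dates) can be checked when a PIN is chosen. The following is an added example, not code from DataGenetics or Lifehacker: the function names, the 1900–2099 year range, and the keypad layout are assumptions, and `top_share` mirrors the report's filter-and-count step on a constructed sample. A PIN that matches none of these patterns is not thereby uncommon.

```python
import calendar
import re
from collections import Counter

FOUR_DIGITS = re.compile(r"[0-9]{4}")
# Standard phone/ATM keypad as (row, column); an assumption, layouts can differ.
KEYPAD = {k: divmod(i, 3) for i, k in enumerate("123456789")}
KEYPAD["0"] = (3, 1)

def pin_weaknesses(pin):
    """Return the predictable patterns (as named in the article) that a PIN matches."""
    if not FOUR_DIGITS.fullmatch(pin):
        raise ValueError("expected exactly four digits")
    found = []
    if len(set(pin)) == 1:
        found.append("repeated digit")                     # e.g. 0000
    elif pin[:2] == pin[2:]:
        found.append("repeated pair")                      # e.g. 1010
    # Constant step of +1 or -1 modulo 10 between neighbouring digits.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        found.append("sequence")                           # e.g. 1234, 4321
    # Same non-zero keypad move three times in a row means a straight line.
    moves = {(KEYPAD[b][0] - KEYPAD[a][0], KEYPAD[b][1] - KEYPAD[a][1])
             for a, b in zip(pin, pin[1:])}
    if len(moves) == 1 and moves != {(0, 0)}:
        found.append("keypad line")                        # e.g. 2580
    if 1900 <= int(pin) <= 2099:                           # assumed year range
        found.append("year")
    month, day = int(pin[:2]), int(pin[2:])
    # 2000 is a leap year, so 0229 counts as a valid date.
    if 1 <= month <= 12 and 1 <= day <= calendar.monthrange(2000, month)[1]:
        found.append("date (MMDD)")
    return found

def top_share(passwords, n):
    """Share of the four-digit entries taken by the n most common ones."""
    counts = Counter(p for p in passwords if FOUR_DIGITS.fullmatch(p))
    total = sum(counts.values())
    return sum(c for _, c in counts.most_common(n)) / total if total else 0.0

if __name__ == "__main__":
    # Constructed sample, not DataGenetics' data.
    sample = ["1234", "1234", "0000", "2580", "hunter2", "12345", "8068", "1010"]
    print(f"top-1 share: {top_share(sample, 1):.2f}")
    for pin in ["1234", "0000", "4321", "1010", "2580", "1984", "8068"]:
        print(pin, pin_weaknesses(pin) or "no listed pattern")
```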
PIN Analysis | DataGenetics
Photo by Cory Doctorow