I’m going to use data condensed from released/exposed/discovered password tables and security breaches. Obviously, I don’t have access to a credit card PIN number database. I’m not going to sell, donate or release the source data – don’t ask! Please do not email me asking for the database I used; if you do, you will be wasting your time as I’m not going to respond. I do not want to be an enabler for script-kiddies. I will only disclose data sufficient to make my points, and will try to avoid giving specific data outside of the obvious examples. This article is not intended to be a hacker bible, or to be used as a utility, resource, or tool to help would-be thieves perform nefarious actions. I hope this article will scare you into being a little more careful in how you select your next PIN number.

Are you curious about what the least commonly used PIN number might be? People are notoriously bad at generating random passwords. The 17th most common 10-digit password is 3141592654 (for those of you who are not math nerds, those are the first digits of Pi). Combinations like 45 and 67 occur much more frequently than 29 and 37. And for some reason, they don't like using pairs of numbers that have larger numerical gaps between them. People love using couplets for their PINs: 4545, 1313, etc. The fourth most popular seven-digit password is 8675309, inspired by the Tommy Tutone song. People have even less imagination in choosing five-digit passwords - 28% use 12345. The most popular PIN code (1234) is used more than the lowest 4,200 codes combined. (See the second table for the least popular passwords.) Why this set of numbers? Berry guesses, "It's not a repeating pattern, it's not a birthday, it's not the year Columbus discovered America, it's not 1776."
At a certain point, these numbers at the bottom of the list are all kind of "the lowest of the low, they're all noise," he says.

A few other interesting tidbits from Berry: The least-used PIN is 8068, Berry found, with just 25 occurrences in the 3.4 million set, which equates to 0.000744%. It seems random, but if you look at a telephone keypad (or ATM keypad), you'll see those numbers are straight down the middle - yet another sign that we're uncreative and lazy password makers. Somewhat intriguing was #22 on the most common password list: 2580. At least use a parent's date of birth," says Berry. If someone finds it, they've got the date of birth on there. "People use years, date of birth - it's a monumentally stupid thing to do because, if you lose your wallet, your driver's license is in there. His analysis shows that every single 19_ combination can be found in the top 20% of the dataset. Indeed, using a year, starting with 19_, helps people remember their code, but it also increases its predictability, Berry says. Many of the commonly used passwords are, of course, dates: birthdays, anniversaries, year of birth, etc. We don't like hard-to-remember numbers and "no one thinks their wallet will get stolen," Berry says. "It's amazing how predictable people are," he says. (Last year SplashData compiled a list of the most common numerical and word-based passwords and found that "password" and "123456" topped the list.)

Berry says a whopping 26.83% of all passwords could be guessed by attempting just 20 combinations of four-digit numbers (see first table). The second most popular PIN is 1111 (6% of passwords), followed by 0000 (2%). Nearly 11% of the 3.4 million four-digit passwords he analyzed were 1234. What he found, he says, was a "staggering lack of imagination" when it comes to selecting passwords.
He speculates that, if users select a four-digit password for an online account or other web site, it's not a stretch to use the same number for their four-digit bank PIN codes. Berry analyzed those to find which are the least and most predictable. There are 10,000 possible combinations that the digits 0-9 can be arranged into to form a four-digit code. If you lost your ATM card on the street, how easy would it be for someone to correctly guess your PIN and proceed to clean out your savings account? Quite easy, according to data scientist Nick Berry, founder of Data Genetics, a Seattle technology consultancy.

Berry analyzed passwords from previously released and exposed tables and security breaches, filtering the results to just those that were exactly four digits long. Some interesting observations (and a little speculation).
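
The predictable choices described above (repeated digits, runs such as 1234, couplets such as 4545, 19xx years and the 2580 keypad column) can be rejected when a user picks a PIN. The following is an added example, not code from the article or from Berry's analysis; the function names and the rule set are assumptions, and the wrap-around runs and the reversed column go beyond the cases the article names.

```python
import re

# Rule set assumed for this example; it mirrors the patterns the article names.
KEYPAD_MIDDLE = "2580"  # straight down the middle column of a phone/ATM keypad


def weak_pin_reasons(pin: str) -> list[str]:
    """Return the reasons a four-digit PIN is predictable (empty list if none match)."""
    if not re.fullmatch(r"[0-9]{4}", pin):
        raise ValueError("PIN must be exactly four digits")

    digits = [int(c) for c in pin]
    # Step between neighbouring digits, modulo 10 so that 7890 counts as a run.
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}

    reasons = []
    if steps == {0}:
        reasons.append("repeated digit")      # 1111, 0000
    elif steps == {1}:
        reasons.append("ascending run")       # 1234
    elif steps == {9}:
        reasons.append("descending run")      # 4321
    if pin[:2] == pin[2:] and steps != {0}:
        reasons.append("couplet")             # 4545, 1313
    if pin.startswith("19"):
        reasons.append("year 19xx")           # birth years, anniversaries
    if pin in (KEYPAD_MIDDLE, KEYPAD_MIDDLE[::-1]):
        reasons.append("keypad column")       # 2580, and 0852 reversed
    return reasons


def audit(pins: list[str]) -> dict[str, list[str]]:
    """Map each candidate PIN to its reasons, keeping only the rejected ones."""
    results = {pin: weak_pin_reasons(pin) for pin in pins}
    return {pin: why for pin, why in results.items() if why}


if __name__ == "__main__":
    # Constructed sample: PINs quoted in the article plus two years.
    sample = ["1234", "1111", "0000", "4545", "1313", "2580", "1984", "1919", "8068"]
    for pin, why in audit(sample).items():
        print(pin, "rejected:", ", ".join(why))
```

An empty result only means that none of these patterns matched; it says nothing about how often a PIN is actually used.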