Just how secure is your PIN number? According to a study by the data security blog Data Genetics, much more vulnerable than you might think.
Checking PINs from databases that had been leaked by hackers in the past, Nick Berry found that the 20 most popular ones make up more than 25 percent of all the PINs in those databases.
By far, the most popular password is 1234. “It’s staggering how popular this password appears to be. Utterly staggering at the lack of imagination,” Berry writes. “Nearly 11 percent of the 3.4 million passwords are 1234!”
The next most popular combination is 1111, clocking in at about 6 percent. Passwords made of repeating numbers like this are overwhelmingly popular. And in a real move of maturity, 6969 charts at number 10 on the list.
The least commonly used password? 8068, clocking in with a frequency of 0.000744 percent. Of course, just because this is currently the least used PIN, it doesn’t mean it’s a smart idea to rush out and change your numbers to that combination. In fact, that bit of knowledge comes with a warning from Berry.
“Now that we’ve learned that, historically, 8068 is (was?) the least commonly used password 4-digit PIN, please don’t go out and change yours to this!” he wrote. “Hackers can read too! They will also be promoting 8068 up their attempt trees in order to catch people who read this (or similar) articles.”
By pushing a number up their “attempt trees,” Berry means hackers would give it more priority in the ordered list of numbers they try when attempting to crack the password.
What is the take-home from all of this data? For one, never use 1234 as your PIN. But more generally, if your PIN is a series of easily guessable numbers, it’s probably a bad idea to use that flimsy piece of security to protect your banking information. If your number shows up in the top 20, it might be wise to change it.
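To make the take-home concrete, here is an added example (not part of the article or of Berry's study) that works through the same analysis on a small constructed set of leaked PINs: it ranks PINs by frequency, shows how much of the population a most-common-first guess order covers after N guesses, and turns the top-N list plus the repeated-digit and sequential patterns the article calls out into a simple strength check a developer could run when a user picks a PIN. The sample data, its counts and all function names are assumptions made for the example.

```python
from collections import Counter

# Constructed sample of "leaked" 4-digit PINs (not the Data Genetics data).
# The shape mimics the article: a few very popular PINs, then a long tail
# of PINs that each appear once. 313 head records + 687 tail records = 1000.
SAMPLE_PINS = (
    ["1234"] * 110 + ["1111"] * 60 + ["0000"] * 40 + ["1212"] * 25
    + ["7777"] * 20 + ["1004"] * 15 + ["2000"] * 13 + ["4444"] * 11
    + ["2222"] * 10 + ["6969"] * 9
    + [f"{n:04d}" for n in range(3000, 3687)]  # tail: 687 distinct PINs, once each
)


def rank_pins(pins):
    """Return (pin, count) pairs, most common first; ties broken by PIN value."""
    counts = Counter(pins)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def cumulative_coverage(ranked, total, top_n):
    """Fraction of all records whose PIN is among the top_n most common."""
    return sum(count for _, count in ranked[:top_n]) / total


def guesses_to_cover(ranked, total, fraction):
    """Smallest number of most-common-first guesses that cover `fraction`
    of the records. This is what Berry's "attempt tree" ordering buys an
    attacker, and why the top-20 concentration matters to a defender."""
    covered = 0
    for guesses, (_, count) in enumerate(ranked, start=1):
        covered += count
        if covered / total >= fraction:
            return guesses
    return len(ranked)


def build_blocklist(ranked, top_n):
    """Set of the top_n most common PINs, for rejecting weak choices."""
    return {pin for pin, _ in ranked[:top_n]}


def is_repeated(pin):
    """All four digits identical, e.g. 1111 or 7777."""
    return len(set(pin)) == 1


def is_sequential(pin):
    """Digits step by exactly +1 or -1 throughout, e.g. 1234 or 9876."""
    digits = [int(d) for d in pin]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    return steps in ({1}, {-1})


def weak_pin_reasons(pin, blocklist):
    """Return the list of reasons a chosen PIN is weak; empty means no
    reason found (which is not the same as the PIN being strong)."""
    if not (len(pin) == 4 and pin.isdigit()):
        return ["not a 4-digit PIN"]
    reasons = []
    if pin in blocklist:
        reasons.append("in blocklist")
    if is_repeated(pin):
        reasons.append("repeated digit")
    if is_sequential(pin):
        reasons.append("sequential digits")
    return reasons


if __name__ == "__main__":
    ranked = rank_pins(SAMPLE_PINS)
    total = len(SAMPLE_PINS)
    print("top 5:", ranked[:5])
    print("top-10 coverage:", cumulative_coverage(ranked, total, 10))
    print("guesses to cover 25%:", guesses_to_cover(ranked, total, 0.25))
    print("guesses to cover 50%:", guesses_to_cover(ranked, total, 0.50))
    blocklist = build_blocklist(ranked, 20)
    for candidate in ("1234", "4444", "3859"):
        print(candidate, weak_pin_reasons(candidate, blocklist))
```

The blocklist is only as good as the data behind it, and Berry's warning about 8068 applies here too: once a list of "rare" PINs is public, attackers adjust their ordering, so the blocklist and the frequency ranking should be rebuilt from current data rather than frozen.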
Berry also chides developers who make data like this easily accessible to hackers. All of the information used in Berry’s study was found in unencrypted databases, meaning that once a developer or hacker has access to the database, no further methods are required to see any and all of the passwords available. That’s just bad security.
See much, much more raw data on PIN passwords at Data Genetics.