Tech consultancy company DataGenetics has analysed the popularity of numeric passwords. What they found confirms previous research that most of our four-digit PINs are way too predictable. Check if yours is one of those mentioned in the report.
The data analysed came from exposed password databases. Data Consultancy filtered the results to just those that were exactly four digits long [0-9] and found nearly 3.4 million four-digit passwords. These are used as a proxy for users’ four-digit PIN codes. There are 10,000 possible combinations of digits from 0000 through 9999, and each of those were represented in the dataset.
So out of the 10,000 possible combinations for four-digit codes, which is the most popular? You guessed it: 1234. An alarming 11 per cent of the 3.4 million passwords are 1234.
The top 20 passwords account for nearly 27 per cent of the total.
Looking at the list at right, you’ll see that the numbers are all familiar, easily predictable patterns, such as 0000, 4321 and 1010. If you’re using the keypad to make a PIN pattern, such as 2580 going straight down, chances are hackers can guess that quickly too. Other high-frequency PINs are years and dates.
Expanding the analysis to all-numeric passwords (not just four-digit ones), guess which are the most popular? Yup, 12345 for five digits, 123456 for six digits and so on. (Ranked at #17 for the 10-digit password is 3141592654 — the first digits of Pi, so that’s at least a little more imaginative). [clear]
What about the least popular PINs? At the bottom at #10,000 is 8068 — but that’s not a great idea for your new PIN now that it’s been exposed. The 20 least popular PINs don’t appear to have any predictability.
The moral of the story, as with every password topic, is that we’re pretty bad at choosing truly random passwords and PINs. In the case of your credit or debit card PIN, having one that’s too common would obviously be an issue if a thief steals or finds your wallet, but ATM card skimming also means thieves don’t need your physical card to get into your bank account.
If your PIN number is too predictable or popular, see our article on PIN security and how to come up with four new numbers that are more secure.
PIN Analysis [DataGenetics]