The next time you choose a PIN, make sure you put some imagination into it. It turns out the four-digit number combination you use for your bank and possibly other accounts may be much less secure than you think.
That’s the conclusion researchers at Data Genetics came to. The scientists at the data analysis firm gathered a list of previously released stolen passwords and filtered those that were four digits long to find which were the most and least predictable. Although many of these passwords were for online bank accounts and other websites, the researchers believed it isn’t a far stretch to assume people use the same passwords for their ATM PINs.<a href="http://firsttoknow.com/wp-content/uploads/2012/09/PASSWORDS.jpg"><img class="alignright size-full wp-image-7409" title="PASSWORDS" src="http://firsttoknow.com/wp-content/uploads/2012/09/PASSWORDS.jpg" alt="" width="250" height="510" /></a>
Nick Berry, founder of Data Genetics, said there is a “staggering lack of imagination” amongst the 3.4 million four-digit passwords his group analyzed. Here is what they found: Nearly 11% of the combinations listed “1234” as the password, making this combination the most popular PIN. The second most popular one was “1111,” making up 6% of the combinations, followed by “0000” at 2% of the combos.
The group also found that combinations that started with “19” were above the 80<sup>th</sup> percentile in popularity, with the highest numbers showing up most frequently. Not a very secure choice, either. As Berry points out, “People use years, date of birth — it's a monumentally stupid thing to do because if you lose your wallet, your driver's license is in there. If someone finds it, they've got the date of birth on there. At least use a parent's date of birth."
People also seem drawn towards repetition. Passwords such as “3333” or “1212” showed up often, as did those based on visual clues like “2580” – numbers that run down the middle of an ATM keypad or your phone.
Also worth noting is that although there are 10,000 possible four-digit combinations of the digits zero through nine, the report found more than 10 percent of all bank accounts can be hacked with just one guess. And if you’ve got a smart thief who realizes that many people use birth years or simple combinations as PINs, there’s an even higher chance of him cracking the code.
So what was the least common combo? The safest number was “8086,” which came up only 25 times. Knowing this does us no good now that the information is public, but what cues can we take from it? We can see that nothing stands out in this combo – there is no repeating pattern, it doesn’t indicate a birthday, “it's not the year Columbus discovered America, [and] it’s not 1776,” Berry points out. There is nothing significant about this and the other combinations that were at the bottom – something to remember when you think up your next PIN (or while changing the one you have right now).
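The patterns described above (repeated digits, repeated pairs, years starting with “19”, dates, and keypad lines like “2580”) can be checked mechanically before a PIN is accepted. The following is an added example, not part of the original article or the Data Genetics study; the function names and the loose date test are assumptions, and the sequential-run check generalizes “1234” to any ascending or descending run.

```python
# Added example: flags 4-digit PINs that match the predictable patterns
# named in the article. Names and thresholds here are illustrative assumptions.
KEYPAD_ROWS = ["123", "456", "789", " 0 "]  # standard ATM/phone keypad layout

def keypad_lines():
    """Four-key vertical lines on the keypad, in both directions (2580, 0852)."""
    cols = {"".join(row[c] for row in KEYPAD_ROWS) for c in range(3)}
    full = {c for c in cols if " " not in c}  # only the middle column has 4 keys
    return full | {c[::-1] for c in full}

def is_date_like(pin):
    """Loose MMDD / DDMM test (assumption: ignores per-month day limits)."""
    a, b = int(pin[:2]), int(pin[2:])
    return (1 <= a <= 12 and 1 <= b <= 31) or (1 <= b <= 12 and 1 <= a <= 31)

def pin_weaknesses(pin):
    """Return the list of predictable patterns a 4-digit PIN matches."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("expected exactly four ASCII digits")
    reasons = []
    # Differences between neighbouring digits, modulo 10 so 7890 counts as a run.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if len(set(pin)) == 1:
        reasons.append("repeated digit")      # e.g. 1111, 0000, 3333
    elif pin[:2] == pin[2:]:
        reasons.append("repeated pair")       # e.g. 1212
    if steps in ({1}, {9}):
        reasons.append("sequential run")      # e.g. 1234 (up) or 4321 (down)
    if pin.startswith("19"):
        reasons.append("19xx year")           # likely a birth year
    if is_date_like(pin):
        reasons.append("date-like")           # possible birthday or anniversary
    if pin in keypad_lines():
        reasons.append("keypad line")         # e.g. 2580 down the middle column
    return reasons

if __name__ == "__main__":
    # PINs quoted in the article, plus a constructed birth-year sample (1985).
    for candidate in ["1234", "1111", "0000", "1212", "2580", "1985", "8086"]:
        found = pin_weaknesses(candidate)
        print(candidate, "->", ", ".join(found) if found else "no listed pattern")
```

An empty result only means the PIN avoids these particular patterns; a PIN that has appeared in a published list, as “8086” now has, should still be avoided.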
A couple of other interesting things the study found: The 17th-most common 10-digit password was “3141592654” which, for those of you who never considered math your best subject, is the first digits of Pi. Also, the fourth most popular seven-digit password was “8675309,” a popular 1980s song by Tommy Tutone.
To learn more and see the full study, <a title="Data Genetics Blog" href="http://www.datagenetics.com/blog/september32012/index.html" target="_blank">click here.</a>