The PINs you should avoid at all cost

We’re sorry, this feature is currently unavailable. We’re working to restore it. Please try again later.

Advertisement

This was published 11 years ago

The PINs you should avoid at all cost

By Will Oremus
Updated

How easy would it be for a thief to guess your four-digit PIN?

If he were forced to guess randomly, his odds of getting the correct number would be one in 10,000 - or, if he has three tries, one in 3333.

Don't opt for a number in the 1900s if you want a secure PIN.

Don't opt for a number in the 1900s if you want a secure PIN.

But if you were careless enough to choose your birth date, a year in the 1900s, or an obvious numerical sequence, his chances go up. Way up.

Researchers at the data analysis firm Data Genetics have found that the three most popular combinations - "1234," "1111," and "0000" - account for close to 20 per cent of all four-digit passwords.

Meanwhile, every four-digit combination that starts with "19" ranks above the 80th percentile in popularity, with those in the late - er, upper - 1900s coming in the highest.

Also quite common, in the US at least, are MM/DD combinations - those in which the first two digits are between "01" and "12" and the last two are between "01" and "31".

So choosing your birthday, your birth year, or a number that might be a lot of other people's birthday or birth year makes your password significantly easier to guess.

On the other end of the scale, the least popular combination - 8068 - appears less than 0.001 per cent of the time. (Although, as Data Genetics acknowledges, you probably shouldn't go out and choose "8068" now that this is public information.)

Rounding out the bottom five are "8093", "9629", "6835", and "7637", which are all nearly as rare.

Advertisement

Data Genetics came up with the numbers by analysing a database of 3.4 million stolen passwords that have been made public over the years. Most of these are passwords for websites. But by looking specifically at those that comprise exactly four characters, all of which are numerals, the researchers figured they could get a decent proxy for ATM PINs as well.

One would hope, of course, that fewer people choose "1234" to protect their bank accounts than to log in to random websites. But Data Genetics found some circumstantial evidence to support its hypothesis that there are some strong correlations between the two.

For instance, the combination "2580" was the 22nd-most popular in their data set. Why so high? Probably because those four numbers appear in a single column from top to bottom on a phone or ATM keypad. On most computer keyboards, they do not.

Slate

Most Viewed in Technology

Loading