Fri, Sep 21, 2012
Yahoo! editors have selected this article as a
favorite of 2012. It first appeared on Yahoo! Finance in September and
was one of the most popular stories of the month. Readers joked about
people who use the most common PIN codes, and shared how they came up
with their own. "My pin number is my post office box number from my time
in the Air Force 30 years ago on a base that no longer exists," wrote
user Nick. "Feel free to hack that."
If you lost your ATM card on the street, how easy would it be for
someone to correctly guess your PIN and proceed to clean out your
savings account? Quite easy, according to data scientist Nick Berry,
founder of Data Genetics, a Seattle technology consultancy.
Berry analyzed passwords from previously released and exposed tables
and security breaches, filtering the results to just those that were
exactly four digits long [0-9]. There are 10,000 possible combinations
that the digits 0-9 can be arranged into to form a four-digit code.
Berry analyzed those to find which are the least and most predictable.
He speculates that, if users select a four-digit password for an online
account or other web site, it's not a stretch to use the same number for
their four-digit bank PIN codes.
What he found, he says, was a "staggering lack of imagination" when
it comes to selecting passwords. Nearly 11% of the 3.4 million
four-digit passwords he analyzed were 1234. The second most popular PIN
is 1111 (6% of passwords), followed by 0000 (2%). (Last year
SplashData compiled a list of the most common numerical and word-based passwords and found that "password" and "123456" topped the list.)
Berry says a whopping 26.83% of all passwords could be guessed by
attempting just 20 combinations of four-digit numbers (see first table).
"It's amazing how predictable people are," he says.
We don't like hard-to-remember numbers and "no one thinks their wallet will get stolen," Berry says.
Days, Months, Years
Many of the commonly used passwords are, of course, dates: birthdays,
anniversaries, year of birth, etc. Indeed, using a year, starting with
19__, helps people remember their code, but it also increases its
predictability, Berry says. His analysis shows that every single 19__
combination can be found in the top 20% of the dataset.
"People use years, date of birth — it's a monumentally stupid thing
to do because, if you lose your wallet, your driver's license is in
there. If someone finds it, they've got the date of birth on there. At
least use a parent's date of birth [as a password]," says Berry.
Somewhat intriguing was #22 on the most common password list: 2580. It seems
random, but if you look at a telephone keypad (or ATM keypad), you'll
see those numbers are straight down the middle — yet another sign that
we're uncreative and lazy password makers.
The Least Predictable Password
The least-used PIN is 8068, Berry found, with just 25 occurrences in
the 3.4 million set, which equates to 0.000744%. (See the second table
for the least popular passwords.) Why this set of numbers? Berry
guesses, "It's not a repeating pattern, it's not a birthday, it's not
the year Columbus discovered America, it's not 1776." At a certain
point, these numbers at the bottom of the list are all kind of "the
lowest of the low, they're all noise," he says.
A few other interesting tidbits from Berry:
- The most popular PIN code (1234) is used more than the lowest 4,200 codes combined.
- People have even less imagination in choosing five-digit passwords — 28% use 12345.
- The fourth most popular seven-digit password is 8675309, inspired by the Tommy Tutone song.
- People love using couplets for their PINs: 4545, 1313, etc. And for some reason, they don't like using pairs of numbers that have larger numerical gaps between them. Combinations like 45 and 67 occur much more frequently than 29 and 37.
- The 17th most common 10-digit password is 3141592654 (for those of you who are not math nerds, those are the first digits of Pi).
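
A PIN-enrollment check built on the patterns described above, as an added example that is not from the article or from Berry's analysis. The function name `weak_pin_reasons`, the `birth_date` parameter and the reversed keypad column `0852` are assumptions for illustration.

```python
import re
from typing import List, Optional

# 2580 is the keypad column the article names; 0852 (the same column read
# upward) is an assumption added for this example.
KEYPAD_COLUMNS = {"2580", "0852"}


def weak_pin_reasons(pin: str, birth_date: Optional[str] = None) -> List[str]:
    """Return why a four-digit PIN is predictable; an empty list means no
    pattern from the article matched. birth_date is the holder's date of
    birth as 'YYYY-MM-DD' (hypothetical parameter)."""
    if not re.fullmatch(r"[0-9]{4}", pin):
        raise ValueError("PIN must be exactly four digits")
    reasons = []
    digits = [int(c) for c in pin]
    # Difference between neighbouring digits, modulo 10 so 7890 counts as a run.
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    if steps == {0}:
        reasons.append("repeated digit")      # 1111, 0000
    elif steps in ({1}, {9}):
        reasons.append("sequential run")      # 1234, 4321
    elif pin[:2] == pin[2:]:
        reasons.append("couplet")             # 4545, 1313
    if pin.startswith("19"):
        reasons.append("year 19__")
    if pin in KEYPAD_COLUMNS:
        reasons.append("keypad column")
    if birth_date:
        year, month, day = birth_date.split("-")
        # Forms a date of birth commonly takes as four digits.
        if pin in {month + day, day + month, year, month + year[2:]}:
            reasons.append("holder's date of birth")
    return reasons


if __name__ == "__main__":
    # Constructed sample: PINs quoted in the article plus a made-up birth date.
    for pin in ["1234", "1111", "2580", "4545", "1984", "0314", "8068"]:
        print(pin, weak_pin_reasons(pin, birth_date="1975-03-14") or "no pattern matched")
```

An empty result only means none of these named patterns matched; it does not measure how rarely a PIN is chosen.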