If you lost your ATM card on the street, how long would it take someone to correctly guess your PIN and clean out your savings account? Not long, according to data scientist Nick Berry, founder of Data Genetics, a Seattle technology consultancy.
Berry analyzed passwords from previously released and exposed password tables and security breaches and filtered the results to just those that were exactly four digits long [0-9]. The digits 0-9 can be arranged into 10,000 possible four-digit codes. Berry analyzed those to find which are the least and most predictable. He speculates that if users select a four-digit password for an online account or other web site, it's not a stretch to think they use the same number for their four-digit bank PIN codes.
What he found, he says, was a "staggering lack of imagination" when it comes to selecting passwords. Nearly 11% of the 3.4 million four-digit passwords he analyzed are 1234. The second most popular PIN is 1111 (6% of passwords), followed by 0000 (2%).
Berry says that a whopping 26.83% of all passwords could be guessed by attempting just 20 combinations of four-digit numbers (see first table). "It's amazing how predictable people are," he says...
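The measurement described above can be reproduced on any password corpus a defender is authorized to audit. The following is an added example, not Berry's code: the function names are assumptions, the sample data is constructed, and the deny-list model (blocked users are dropped rather than re-choosing) is a simplification.

```python
import re
from collections import Counter

# ASCII digits only; \d would also accept non-ASCII digit characters.
PIN_RE = re.compile(r"[0-9]{4}")

def four_digit_pins(passwords):
    """Keep entries that are exactly four ASCII digits (the article's filter)."""
    # fullmatch rejects "12345", "12a4" and values with a trailing newline.
    return [p for p in passwords if PIN_RE.fullmatch(p)]

def guess_coverage(pins, attempts, blocked=frozenset()):
    """Share of accounts whose PIN is among the `attempts` most common values.

    `blocked` models a deny-list enforced when the PIN is chosen.
    Assumption: users of a blocked PIN are removed from the population.
    """
    counts = Counter(p for p in pins if p not in blocked)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return sum(n for _, n in counts.most_common(attempts)) / total

def build_sample():
    """Constructed corpus: 100 four-digit entries plus noise to be filtered."""
    popular = ["1234"] * 11 + ["1111"] * 6 + ["0000"] * 2
    unique = [f"{n:04d}" for n in range(5000, 5081)]  # 81 one-off PINs
    noise = ["password", "12345", "123", "12a4", "1234\n",
             "\u0661\u0662\u0663\u0664"]  # Arabic-Indic digits, not [0-9]
    return popular + unique + noise

if __name__ == "__main__":
    pins = four_digit_pins(build_sample())
    deny = frozenset({"1234", "1111", "0000"})
    for k in (1, 3, 20):
        print(f"top {k:>2}: {guess_coverage(pins, k):.2%} "
              f"-> with deny-list: {guess_coverage(pins, k, deny):.2%}")
```

Comparing the coverage at a system's lockout threshold with and without the deny-list shows how much of the exposure comes from a handful of popular values.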