If you lost your ATM card on the street, how easy would it be for someone to correctly guess your PIN and proceed to clean out your savings account? Quite easy, according to data scientist Nick Berry, founder of Data Genetics, a Seattle technology consultancy.
What he found, he says, was a “staggering lack of imagination” when it comes to selecting passwords. Nearly 11% of the 3.4 million four-digit passwords he analyzed were 1234. The second most popular PIN in is 1111 (6% of passwords), followed by 0000 (2%). Berry says a whopping 26.83% of all passwords could be guessed by attempting just 20 combinations of four-digit numbers. “It’s amazing how predictable people are,” he says.
Many of the commonly used passwords are, of course, dates: birthdays, anniversaries, year of birth, etc. Indeed, using a year, starting with 19__, helps people remember their code, but it also increases its predictability, Berry says. His analysis shows that every single 19__ combination be found in the top 20% of the data set.
‘Lazy password makers’
“People use years, date of birth — it’s a monumentally stupid thing to do because, if you lose your wallet, your driver’s license is in there. If someone finds it, they’ve got the date of birth on there. At least use a parent’s date of birth [as a password],” says Berry.
Somewhat intriguing was #22 on the most common password list: 2580. It seems random, but if you look at a telephone keypad (or ATM keypad), you’ll see those numbers are straight down the middle — yet another sign that we’re uncreative and lazy password makers.
The least-used PIN is 8068, Berry found, with just 25 occurrences in the 3.4 million set, which equates to 0.000744%. Why this set of numbers? Berry guesses, “It’s not a repeating pattern, it’s not a birthday, it’s not the year Columbus discovered America, it’s not 1776.” At a certain point, these numbers at the bottom of the list are all kind of “the lowest of the low, they’re all noise,” he says.
Have you ever lost your ATM or your wallet and worried about your PIN code being cracked? How confident are you about your PIN code?