Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy Security News Technology

How Common Is Your PIN? (datagenetics.com) 114

phantomfive writes: We've seen password frequency lists, here is an analysis of PIN frequency with a nice heatmap towards the bottom. There is a line for numbers starting with 19*, which is the year of birth, a cluster around MM/DD for people's birthdays, and a hard diagonal line for the same digit repeated four times.
This discussion has been archived. No new comments can be posted.

How Common Is Your PIN?

Comments Filter:
  • by Anonymous Coward on Sunday March 06, 2016 @04:12PM (#51649611)

    (Cthon98) hey, if you type in your pw, it will show as stars
    (Cthon98) ********* see!
    (AzureDiamond) hunter2
    (AzureDiamond) doesnt look like stars to me
    (Cthon98) (AzureDiamond) *******
    (Cthon98) thats what I see
    (AzureDiamond) oh, really?
    (Cthon98) Absolutely
    (AzureDiamond) you can go hunter2 my hunter2-ing hunter2
    (AzureDiamond) haha, does that look funny to you?
    (Cthon98) lol, yes. See, when YOU type hunter2, it shows to us as *******
    (AzureDiamond) thats neat, I didnt know IRC did that
    (Cthon98) yep, no matter how many times you type hunter2, it will show to us as *******
    (AzureDiamond) awesome!
    (AzureDiamond) wait, how do you know my pw?
    (Cthon98) er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
    (AzureDiamond) oh, ok.

    - http://bash.org/?244321 [bash.org]

  • 1234 passwords (Score:3, Interesting)

    by Anonymous Coward on Sunday March 06, 2016 @04:17PM (#51649629)

    Those 1234 passwords that people always talk about, those are just from temporary e-mail addresses that people create when they want something anonymous.
    I've created plenty of accounts with incredibly easy passwords, because I only used them once and didn't care if the accounts would be hacked a minute after creation.
    PIN numbers are not the same thing as passwords.
    This is not an analysis of PIN frequency, it's an analysis of 4-digit numeric-only passwords.

    • Re:1234 passwords (Score:4, Interesting)

      by unixisc ( 2429386 ) on Sunday March 06, 2016 @06:28PM (#51650267)

      I'm thinking particularly of the pin# for Windows 10. For some things, I pick numbers that few will think of other than me. For others, like say my work account, I picked the 4-digit number of the building of my employer's headquarters, since there's a good chance that I'd have to share that w/ colleagues.

      I don't exactly see the point of trying to create a complicated PIN, since there are just 10,000 combinations. So might as well pick something that's easily remembered.

  • Ha... (Score:4, Funny)

    by Type44Q ( 1233630 ) on Sunday March 06, 2016 @04:19PM (#51649641)

    My psycho/retard ex would *always* uses "0852" for her PIN. Why? Sheer fucking laziness.

  • Not even PIN data (Score:4, Informative)

    by OzPeter ( 195038 ) on Sunday March 06, 2016 @04:28PM (#51649683)

    From TFA

    Obviously, I don’t have access to a credit card PIN number database. Instead I’m going to use a proxy. I’m going to use data condensed from released/exposed/discovered password tables and security breaches.

    By combining the exposed password databases I’ve encountered, and filtering the results to just those rows that are exactly four digits long [0-9] the output is a database of all the four digit character combinations that people have used as their account passwords.

    • I would guess that it's a reasonable proxy for PINs that people get to choose themselves, such as those for SIM cards and phone unlock codes. Where I live, you don't get to choose the PIN for your debit card.

      As for my phone: it has an encryption password, an unlock code, and a SIM PIN, in order of decreasing complexity, related to the potential for damage if someone guesses it right and to the number of tries before the system locks/wipes itself.

      • I would guess that it's a reasonable proxy for PINs that people get to choose themselves

        I don't think so. I often use something like "1234" for some stupid throwaway account on a website that shouldn't even have accounts in the first place. But I use something pseudo-random (meaningful to me, but random to anyone else) for anything important, like a bank card.

        • by Anonymous Coward

          Exactly, I wonder if there's any significant difference between the PIN and passwords people use for different types of services.

          Personally I use three types of passwords, for throwaway accounts that I gave no personal info/payment info, like newspaper sites, xda, etc, I just use "password" as the password, adding a "!" and or "0" as needed.

          For sites that I sort of want to hold on to the account but has no personal/payment info (/. for example), I use my old phone number for it.

          I only actually attempt to us

    • TFA also explains why the author believes the dataset is relevant for ATM PINs and similar.
      • by tgv ( 254536 )

        > TFA also explains why the author believes the dataset is relevant for ATM PINs and similar.

        Believing is most certainly not good enough. It's just an excuse to make his finding look more interesting than it is, which is: hacked password lists contain many simple passwords, nobody really knows what for.

  • by mdsolar ( 1045926 ) on Sunday March 06, 2016 @04:29PM (#51649687) Homepage Journal
    Oh, wait...
  • Super old blog (Score:5, Informative)

    by MrLogic17 ( 233498 ) on Sunday March 06, 2016 @04:34PM (#51649707) Journal

    I thought this blog posting on PIN numbers looked familiar - then I looked at the publish date. September 3rd, 2012.

    Um, guys?

    • by Mashiki ( 184564 )

      This is /. so that's new and exciting information. Just be happy it was only almost 4 years ago.

  • by Anonymous Coward on Sunday March 06, 2016 @04:43PM (#51649745)

    the last for digits of Pi for my PIN.

    • by Anonymous Coward

      Plot twist...they are 12 3 4.

    • Comment removed based on user account deletion
  • All you have to do is enter your PIN and it'll tell you how common it is.
  • I guess it has been over six months since it was last posted on /. but a dupe none the less...

  • From the article it seems that they have a pretty good chance of guessing the password in just a few attempt.

    We all know the real reason...
    • by MacTO ( 1161105 )

      If I recall correctly, the FBI wants Apple to disable the feature that disables or formats the device after too many incorrect attempts. Just because it is possible to crack 1 in 5 accounts after a handful of attempts doesn't mean that you will be able to crack a particular account in a handful of attempts (particularly if that person is paranoid).

  • by Anonymous Coward

    Am I the only one who uses a random number generator to pick their pin numbers?
    The banks I've dealt with also don't allow numbers like 1111 or 1234.

    • Re:Weird (Score:4, Interesting)

      by plover ( 150551 ) on Sunday March 06, 2016 @06:21PM (#51650233) Homepage Journal

      Back in the eighties, I was opening a bank account and the guy told me to pick a PIN. I pulled out my trusty Casio programmer's calculator, hit the random button 4 times, and wrote down the last digit of each.

      So, no. You're not alone.

      • by nbauman ( 624611 )

        Back in the eighties, I was opening a bank account and the guy told me to pick a PIN. I pulled out my trusty Casio programmer's calculator, hit the random button 4 times, and wrote down the last digit of each.

        I did something like that to get a random PIN, and the bank system rejected it because I had repeated the same digit twice in a row.

        • I did something like that to get a random PIN, and the bank system rejected it because I had repeated the same digit twice in a row.

          stupid password rules... There's tons if it everywhere!

    • Sadly, you probably ARE the only one.

  • and a hard diagonal line for the same digit repeated four times.

    No - or at least not entirely. The hard diagonal line represents the same pair of digits repeated - 1010, 2424, 8585.

    There are brighter spots on that diagonal line for each of the "same digit" combinations.

  • The price of a cheese pizza and large soda and panucci's pizza. $10.77.
  • Interesting (Score:5, Interesting)

    by jbmartin6 ( 1232050 ) on Sunday March 06, 2016 @05:40PM (#51650023)
    Just a quick overview, but it appears the selection of PINs obeys Benford's Law [wikipedia.org]
  • I'm just wondering whether those "bottom 100" are still at the bottom.

    On another topic, how many people use their /. ID number as their PIN? Go ahead, raise your hands, don't be shy.

  • by antifoidulus ( 807088 ) on Sunday March 06, 2016 @05:48PM (#51650073) Homepage Journal
    I can't believe "5309" isn't in the top 10, don't people love Jenny anymore?
    • Re: (Score:2, Informative)

      by Anonymous Coward

      "The fouth most popular seven digit password is 8675309"

  • El Reg a few years back had a story that in the nineties, one of the big four banks in the UK had its security team compromised. New cards had a PIN set from only one of three choices. That meant that anyone intercepting a card who knew the three could go haywire with the account. The customer wouldn't know and the bank couldn't explain it.

    Could have been cock and bull, but it's a possible small source of non-randomness.

  • FTA: "For five digit passwords, [...] All the usual suspects occur, but a new addition is the puerile addition in position #20 of the concatenation of 420 and 69."

    Am I competely sutpid, or is there some cultural reference here, which I don't get? Why "42069"? Why is it puerile?

  • Safe! (Score:4, Funny)

    by rebelwarlock ( 1319465 ) on Sunday March 06, 2016 @11:43PM (#51651315)
    Ha! 1337 didn't even make the list!
  • by spiritplumber ( 1944222 ) on Monday March 07, 2016 @01:20AM (#51651493) Homepage
    incredible! it's the same PIN as my luggage!
  • by dwater ( 72834 ) on Monday March 07, 2016 @06:01AM (#51652233)

    I would be interested in seeing the results of an investigation into a similar study that also factors in the importance of what is *behind* the password.

    I don't think I'm the only one who puts more effort into choosing a 'good' password for things that are of value. I choose really quite poor passwords for things I really don't care about - eg have no sensitive information behind the login. For things like cash point cards, and other things in front of my actual money, I attempt to use much better passwords.

    I think there are many things of little or no value, while just a few of high value. I guess this might skew the numbers somewhat. It's probably quite difficult to factor in this aspect, but it makes me question the conclusions.

    • The funny thing is that my desk phone at work requires a more secure password for f***ing voicemail than my bank account does. The work one needs to be changed every few months, and you can't re-use your previous passwords. My bank would be happy to accept 1-1-1-1 for perpetuity.

  • That doesn't matter because you cannot change your PIN.

He has not acquired a fortune; the fortune has acquired him. -- Bion

Working...