CreditCards.com


Hacking PINs is as easy as 1-2-3-4

Kristie Aronow

Some big decisions have to be made on the spot. When you sign up for a debit card, more than likely you’ll only have a few moments to select your PIN. Research suggests most people choose dangerously simple codes that may be easily remembered, and just as easily guessed by thieves.

DataGenetics, a data aggregator, studied the popularity of all 10,000 possible four-digit PINs. Nearly 11 percent of the 3.4 million PINs in the data set used 1234. The second most popular four-digit PIN is 1111, garnering 6 percent. Bronze went to 0000 with 1.8 percent. Clearly, most people aren’t very creative.

It should be noted that those who are trying to pay homage with PINs are also represented in the data. James Bond fans have bolstered the PIN 0007 to No. 23, with its close cousin 0070 coming in at No. 28. The PIN 1984 achieved position No. 26, but it’s unclear if this is a birth year or a tribute to George Orwell. Considering that nearly 50 years have passed, it is impressive that 2001 (presumably for the “2001: A Space Odyssey” story) is still in the top 20, sliding in at No. 19.

The data reveals another fun fact: People seem to prefer even numbers over odd. For example, 2468’s a number we appreciate — it occurs more frequently than an odd number equivalent, such as 1357. When DataGenetics President Nick Berry studied data for longer numerical passwords, other famous numbers cropped up. Among the codes making an appearance were 8675309 (a tribute to the popular 1980s song by Tommy Tutone), which users bolstered to the No. 4 position among seven-digit codes.

Codes based on key position are more common in longer passwords. Some consumers choose to create keypad patterns, such as an “X,” using 159753. Others used rows and columns to create passwords — 789456123 and 147258369 were common. To help remember 10-digit passwords, some channel their inner math nerd, using pi’s first digits, 3141592654.

Joseph Bonneau, an engineer for Google’s Data Protection team, wrote his doctoral thesis on human-chosen passwords, including PIN choices. According to Bonneau, 9 percent of users chose a pattern on the keypad. The research showed box keys 1425, corners 9713 and a cross 8246 were among the most popular.
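The pattern families described above can be screened for when a customer picks a PIN. The following is an added example, not code from the article, DataGenetics or Bonneau's thesis; the function names, reason strings and the keypad layout (1-2-3 on the top row, 0 under 8) are assumptions.

```python
# Added example: screen a numeric PIN against the pattern families the article
# describes. All names here are hypothetical, not from any real product.

# Codes the article names as popular (taken from the text; not a full blocklist).
NAMED_IN_ARTICLE = {
    "1234", "1111", "0000", "0007", "0070", "1984", "2001", "2468", "1357",
    "8675309", "159753", "789456123", "147258369", "3141592654",
    "1425", "9713", "8246",
}
# Assumed keypad layout (1-2-3 on the top row, 0 under 8): digit -> (row, col).
KEYPAD = {str(d): divmod(d - 1, 3) for d in range(1, 10)}
KEYPAD["0"] = (3, 1)
# Straight keypad lines: rows, columns and both diagonals, in either direction.
_LINES = ["123", "456", "789", "147", "258", "369", "159", "357"]
LINES = set(_LINES) | {s[::-1] for s in _LINES}


def keypad_shape(pin):
    """Name the keypad figure the digits trace, or return None."""
    if len(pin) == 4 and len(set(pin)) == 4:
        if set(pin) == set("1379"):
            return "keypad corners"
        if set(pin) == set("2468"):
            return "keypad cross"
        rows, cols = zip(*(KEYPAD[d] for d in pin))
        if all(len(set(v)) == 2 and max(v) - min(v) == 1 for v in (rows, cols)):
            return "keypad 2x2 box"
    if len(pin) >= 6 and len(pin) % 3 == 0 and all(
            pin[i:i + 3] in LINES for i in range(0, len(pin), 3)):
        return "keypad rows, columns or diagonals"
    return None


def screen_pin(pin):
    """Return the reasons a PIN looks guessable; an empty list is not proof of strength."""
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must contain digits only")
    reasons = []
    if pin in NAMED_IN_ARTICLE:
        reasons.append("named in article")
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if len(steps) == 1:
        reasons.append("repeated digit" if steps == {0} else "constant-step sequence")
    if len(pin) == 4 and pin[:2] in ("19", "20"):
        reasons.append("looks like a year")
    shape = keypad_shape(pin)
    if shape:
        reasons.append(shape)
    return reasons
```

A PIN that returns an empty list has only avoided these specific patterns; dates and other personal numbers that the article warns about need context the function does not have.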

Picking a good PIN

After reviewing popular passwords, it’s clear that despite the “P” in PIN standing for “personal,” most people aren’t using their own experiences to honor numerical memories. Some of the best PINs come from memorable dates, according to butterscotch.com, a site dedicated to teaching tech savviness. However, many pick digits that are too easy to figure out, says Mike Callahan (aka Dr. File Finder) on the butterscotch site in a Web tutorial. Bad codes include birthdays, house numbers or wedding anniversaries. The best codes are things that are meaningful to you, but no one else. Examples of good PINs can include graduation dates, death dates or the date you met your spouse.

Beyond using dates for a PIN, Ann Knapp, a contributor for Ezine9.com, suggests making a word using the numeric alphabet. This method would produce a bounty of random PINs that would still be easy to remember. However, there are automated hacking programs that use words from the dictionary to crack PINs and passwords. Try using nicknames to maximize the benefits of this method, or mix words with numbers. For example: s3cur1ty (security).

My personal PIN equation

When I decide on a PIN, I try to focus on past numbers of importance. I have moved 10 times in the past decade, so using move dates is a good option for me. How do you choose yours?

Join the Discussion


  • Joe Bertini

    Why not use a function say p(n) = the first four digits after the decimal point for SqRoot(n).
    For example, the account number for which you want to create a pin is 5023 4017 6935 2259.
    Well the square root of 5023 is 70.87312607…
    You could choose 8731 as the pin.
    To recall the pin in the event that you forgot it,
    just repeat the process with your smart phone, or any other available calculator.
    As you can see, this method will create unique pin numbers for every one of your accounts and the “beauty part” is that you never have to write the pins ANYWHERE. Just remember the function that you created to produce your pins.
    Other fun functions are sin, cos, tan, log, ln,…
    jb

  • Joe Bertini

    I had to submit my previous comment regarding the creating of PINs several times because I kept entering the “phrase” incorrectly. My error was inserting a “space” between the two words. Fortunately I “copied” the entire text of my submission using “Ctrl-c” and was able to paste it into the Comments box.
    I suggest that you advise future “commentators” not to leave a space between the words of the “phrase” !!
    Thank you,
    jb