Security
Headlines
HeadlinesLatestCVEs

Headline

These are the 10 worst PIN codes

Data analysis has shown which 4-digit pin codes offer the best chances for an attacker. Are you using one of them?

Malwarebytes
Open in Source
#mac#git#auth#sap

Australian news outlet ABC NEWS analyzed a data set of 29 million 4-digit PIN numbers that people actually used to secure their devices, ATM withdrawals, building access, and more.

What the outlet discovered is both expected and disappointing: Too many people use insecure PIN codes to protect important parts of their lives.

Now, I feel compelled to add that I’ve always considered any four-digit string of numbers as simply too few numbers to secure anything important. It takes only 10,000 tries in a worst-case scenario for the attacker, which is not an awful lot for a determined—and sometimes machine-assisted—attacker.

My (Dutch) bank uses a five-digit number to access the app, although it still uses four digits for payments or to make withdrawals from an ATM. But that might be because that’s how the machines are programmed to work. Also, in those cases, entering the PIN itself could be considered a second factor in a multi-factor authentication (MFA) procedure since you already need to have possession of the card.

That said, ABC’s research shows that many of us are predictable when it comes to picking out our PINs. For example, it should come as no surprise that 0000 is popular since it is the default PIN code for many devices—and apparently many people don’t see the importance of changing it.

Whether this reflects our doubt in our own memory or it reflects a certain degree of laziness would require a deeper psychological analysis, but as with passwords, people tend to pick easy-to-remember options that are, for instance, the same digit repeated four times over, or a predictable sequence of four digits, such as 1234. They also prefer numbers that are easy to type, like the figure “2580” which goes straight down the numberpad.

2580 is ranked 28

Other predictable numbers stem from the fact that we use birthdays and birth-years so we can easily remember the PIN code. This is why we see a lot of pin numbers that start with 19 for a year or where the first digit of a month is either a 0 or a 1 which comes in the first or third place of the code, depending on the way you format your dates.

The worrying part is that by trying the first the options in the list ranked by popularity, an attacker can raise his chances of a breach to 11.7 %.

In some cases the attacker may only have five chances, so guess which ones they will be trying.

I have copied the top 10 PIN codes, so you can get an idea of which codes to avoid or change to improve the security level of them.

Ranking

Code

Popularity

1

1234

9.0%

2

1111

1.6%

3

0000

1.1%

4

1342

0.6%

5

1212

0.4%

6

2222

0.3%

7

4444

0.3%

8

1122

0.3%

9

1986

0.3%

10

2020

0.3%

As in many situations, it’s prudent to remember that the option that is easiest to use is almost never the most secure.

Malwarebytes: Latest News

The DeepSeek controversy: Authorities ask where does the data come from and how safe is it?
Malwarebytes