All PINs Leaked on the Interwebs!

by Mercator Advisory Group

Of course, the title of this feature is a hoax. There are only 10,000 possible combinations for four-digit PINs, and their “leaking” on the Internet has been a running joke for some time. The actual story is a bit different.

A very interesting analysis of PINs was conducted by the blog DataGenetics, which examined how consumers choose PINs for their payment card accounts and other access codes. Using “data condensed from released/exposed/discovered password tables and security breaches” that yielded an impressive 3.4 million PINs, the researchers drew some exceedingly illustrative results and conclusions that should get the payments industry thinking about the relative viability of current authentication procedures.

Here’s one snippet:

The most popular password is 1234. [I]t’s staggering how popular this password appears to be. Utterly staggering at the lack of imagination…nearly 11% of the 3.4 million passwords are 1234!!!

The next most popular 4-digit PIN in use is 1111 with over 6% of passwords being this. In third place is 0000 with almost 2%.

A table of the top 20 found passwords is shown at the right. A staggering 26.83% of all passwords could be guessed by attempting these 20 combinations!

(Statistically, with 10,000 possible combinations, if passwords were uniformly randomly distributed, we would expect these twenty passwords to account for just 0.2% of the total, not the 26.83% encountered)

Looking more closely at the top few records, all the usual suspects are present: 1111, 2222, 3333, 9999 as well as 1212 and (snicker) 6969.
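An issuer can run the same comparison on its own PIN histogram and screen new PINs at enrolment. The Python sketch below is an added example, not code from this article or from the DataGenetics analysis; the function names, the pattern rules and the 1,000-PIN sample (constructed to be skewed roughly like the quoted figures) are assumptions.

```python
import math
from collections import Counter

PIN_SPACE = 10_000  # number of four-digit PINs, as stated in the article


def top_k_coverage(counts: Counter, k: int) -> float:
    """Fraction of all observed PINs covered by the k most common values."""
    total = sum(counts.values())
    return sum(n for _, n in counts.most_common(k)) / total


def uniform_coverage(k: int) -> float:
    """Coverage k values would have if PINs were chosen uniformly at random."""
    return k / PIN_SPACE


def min_entropy_bits(counts: Counter) -> float:
    """-log2 of the most common PIN's share; a uniform choice gives log2(10000)."""
    total = sum(counts.values())
    return -math.log2(counts.most_common(1)[0][1] / total)


def weak_pin_reason(pin: str):
    """Return why a PIN should be rejected at enrolment, or None if no rule hits."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        return "not four digits"
    digits = [int(c) for c in pin]
    if len(set(digits)) == 1:
        return "single repeated digit"   # 0000, 1111, 2222, 9999
    if pin[:2] == pin[2:]:
        return "repeated pair"           # 1212, 6969
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if steps in ({1}, {-1}):
        return "sequential run"          # 1234, 4321
    return None


def build_sample() -> Counter:
    """Constructed corpus of 1,000 PINs (illustrative, not real data)."""
    counts = Counter({"1234": 110, "1111": 60, "0000": 20})
    counts.update(f"{n:04d}" for n in range(2000, 2810))  # 810 PINs used once each
    return counts


if __name__ == "__main__":
    sample = build_sample()
    print(f"top-3 coverage {top_k_coverage(sample, 3):.2%}, uniform {uniform_coverage(3):.2%}")
    print(f"min-entropy {min_entropy_bits(sample):.2f} bits, uniform {math.log2(PIN_SPACE):.2f}")
    for pin in ("1234", "1111", "1212", "6969", "4827"):
        print(pin, weak_pin_reason(pin))
```

The pattern rules cover only the PINs named in the excerpt; a production denylist would also be fed from the observed frequency table itself.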

