How easy would it be for someone to guess your PIN—you know, the four-digit number you use at ATMs and when you make a purchase with a debit card? Researchers at the data-analysis firm DataGenetics scrutinized a database of 3.4 million stolen passwords and uncovered some startling statistics.
For example, a hacker’s odds of randomly guessing the correct number is one in 10,000. If he has three tries, odds increase to one in 3,333. If your PIN is your birth date, a year in the 1900s, or an obvious numerical sequence, the odds go way up.
The group found that the three most popular combinations—1234, 1111, and 0000—account for close to 20 percent of all four-digit passwords. Every four-digit combination that starts with 19 ranks above the 80th percentile in popularity. Month/day combinations—thosein which the first two digits are between 01 and 12 and the last two are between 01 and 31—are also popular. So choosing your birthday or your birth year makes your password significantly easier to guess.
On the other hand, the least popular combination, 8068, appears less than 0.001 percent of the time. Probably because it’s so random—it follows no discernible pattern such as a date or repetition of numbers. Other unpopular PINs are 8093, 9629, 6835, and 7637. DataGenetics discovered that the combination 2580 was the 22nd-most-popular PIN (most likely because those four numbers appear in a single column from top to bottom on a phone or ATM keypad), that people prefer even numbers to odd (2468 ranks higher than 1357), and that far more passwords start with 1 than any other number.
*At least it was until we published this story.