How easy would it be for someone to guess your PIN—you know, the four-digit number you use at ATMs and when you make a purchase with a debit card? Researchers at the data-analysis firm DataGenetics scrutinized a database of 3.4 million stolen passwords and uncovered some startling statistics.
For example, a hacker’s odds of randomly guessing the correct number is one in 10,000. If he has three tries, odds increase to one in 3,333. If your PIN is your birth date, a year in the 1900s, or an obvious numerical sequence, the odds go way up. So much so, consider it one of the 16 clear signs you’re about to be hacked.
The group found that the three most popular combinations—1234, 1111, and 0000—account for close to 20 percent of all four-digit passwords. Every four-digit combination that starts with 19 ranks above the 80th percentile in popularity. Month/day combinations—those in which the first two digits are between 01 and 12 and the last two are between 01 and 31—are also popular. So choosing your birthday or your birth year makes your password significantly easier to guess.
On the other hand, the least popular combination, 8068, appears less than 0.001 percent of the time. Probably because it’s so random—it follows no discernible pattern such as a date or repetition of numbers.
“Statistically, 8068 is the safest PIN,” says Tyler Moffitt, senior threat research analyst at Webroot. “Other good numbers are 7637, 6835, and 9629. But that’s mainly because they follow no pattern, isn’t a date, or repetition of numbers, or the column of the keypad (2580).”
DataGenetics discovered that the combination 2580 was the 22nd-most-popular PIN (most likely because those four numbers appear in a single column from top to bottom on a phone or ATM keypad), that people prefer even numbers to odd (2468 ranks higher than 1357), and that far more passwords start with 1 than any other number.
But since you (and other readers) now know the safest pin out there, you might want to consider something else. Reader’s Digest turned to cybersecurity analyst Jamie Cambell, PhD, and Director of Content at Security Baron, Gabe Turner, for their advice. Here are some savvy suggestions:
- Pick obscure dates like when you had your first kiss or the time you were born.
- Go with a birthday of a close friend, the date of your favorite holiday, or the current time.
Whichever password you go with, change your PIN periodically, especially when you hear about a data breach. “With most banks, you can change the card’s PIN right at the ATM, by selecting ‘Other Options’ or something similar to that. Just be sure to use the same precautions noted above when typing in the new PIN,” says Jason Glassberg, co-founder of Casaba Security.
Now that your PIN is (hopefully) more secure, make sure you know the 10 times swiping your debit card could put your money at risk.