If you lost your ATM card on the street, how easy would
it be for someone to correctly guess your PIN and proceed to clean out
your savings account? Quite easy, according to data scientist Nick
Berry, founder of Data Genetics, a Seattle technology consultancy.
Berry analyzed passwords from previously released and exposed tables
and security breaches, filtering the results to just those that were
exactly four digits long (0-9). The digits 0-9 can be arranged into
10,000 possible four-digit codes, and Berry analyzed those to find which
are the least and most predictable. He speculates that users who pick a
four-digit password for an online account or other web site are likely
to reuse the same number as their four-digit bank PIN.
What he found, he says, was a "staggering lack of imagination" when
it comes to selecting passwords. Nearly 11% of the 3.4 million
four-digit passwords he analyzed were 1234. The second most popular PIN
is 1111 (6% of passwords), followed by 0000 (2%). (Last year
SplashData compiled a list of the most common numerical and word-based passwords and found that "password" and "123456" topped the list.)
Berry says a whopping 26.83% of all passwords could be guessed by
attempting just 20 combinations of four-digit numbers (see first table).
"It's amazing how predictable people are," he says.
We don't like hard-to-remember numbers and "no one thinks their wallet will get stolen," Berry says.
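The arithmetic behind the "26.83% in 20 guesses" figure is a cumulative frequency sum over the PIN distribution, and the same sum lets a bank evaluate a lockout threshold or a PIN blocklist. The example below is added here and is not Berry's code or data: the PIN counts are constructed, and the blocklist model assumes that users whose PIN is refused re-pick uniformly from the remaining values.

```python
from collections import Counter

# Constructed four-digit PIN frequencies (illustrative, not Berry's data):
# a skewed head mimics the article's "few PINs dominate" finding, and a
# tail of 763 distinct PINs seen once each stands in for the long tail.
# Total observations: 1000.
def build_sample() -> Counter:
    counts = Counter({"1234": 110, "1111": 60, "0000": 20, "1212": 12, "7777": 8,
                      "1004": 7, "2000": 6, "4444": 5, "2222": 5, "6969": 4})
    for pin in range(5000, 5763):  # tail values chosen not to collide with the head
        counts[f"{pin:04d}"] = 1
    return counts


def guess_coverage(counts: Counter, attempts: int) -> float:
    """Fraction of users whose PIN is among the `attempts` most common values.
    This is the cumulative-frequency sum behind "26.83% in 20 guesses"."""
    total = sum(counts.values())
    return sum(c for _, c in counts.most_common(attempts)) / total


def attempts_to_cover(counts: Counter, target: float) -> int:
    """Smallest number of best-first guesses that reaches `target` coverage."""
    total = sum(counts.values())
    running = 0
    for n, (_, c) in enumerate(counts.most_common(), start=1):
        running += c
        if running / total >= target:
            return n
    raise ValueError("target coverage exceeds 1.0")


def coverage_with_blocklist(counts: Counter, blocklist_size: int, attempts: int) -> float:
    """Coverage of `attempts` guesses if the `blocklist_size` most common PINs
    were refused at enrolment (one mitigation a bank can derive from such data).

    Modelling assumption: users whose PIN is refused re-pick uniformly from the
    remaining 10_000 - blocklist_size values, so each surviving PIN gains an
    equal share of the blocked mass and the attacker's best guesses are still
    the most common surviving PINs.
    """
    total = sum(counts.values())
    blocked = dict(counts.most_common(blocklist_size))
    blocked_mass = sum(blocked.values())
    survivors = Counter({p: c for p, c in counts.items() if p not in blocked})
    uplift_per_pin = blocked_mass / (10_000 - blocklist_size)
    head = sum(c for _, c in survivors.most_common(attempts))
    return (head + attempts * uplift_per_pin) / total
```

With the constructed sample, three guesses cover 19% of users, but blocking just the top three PINs drops the same three-guess exposure to under 3%, which is the kind of comparison a lockout-after-N-attempts policy should be checked against.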
[via scalenet]