TypewriterFrom The Urbach Letter October 2012

Return to Archive

A Bad Combination

What's the chance that a total stranger will guess your four-digit lock combination or your bank PIN, or your alarm system code? If you had chosen your digits carefully, it would be one in ten thousand (0000 to 9999). But… just like choosing passwords, most people favor the familiar and easy-to-remember over the highly secure. Thus, simplistic patterns rule the day (1234, 1010, 1212, etc.). In fact, there's a better than one in four chance your lock combination or pin is in this list of the 20 most commonly used number sequences:

Popularity PIN Frequency
#1 1234 10.713%
#2 1111 6.016%
#3 0000 1.881%
#4 1212 1.197%
#5 7777 0.745%
#6 1004 0.616%
#7 2000 0.613%
#8 4444 0.526%
#9 2222 0.516%
#10 6969 0.512%
#11 9999 0.451%
#12 3333 0.419%
#13 5555 0.395%
#14 6666 0.391%
#15 1122 0.366%
#16 1313 0.304%
#17 8888 0.303%
#18 4321 0.293%
#19 2001 0.290%
#20 1010 0.285%

If you recognize yours in there, it's time to change it before your security is compromised and you suffer a loss.

Where did this list come from, you may ask. DataGenetics, a "big data" consulting firm, obtained a list of 3.4 million four-digit passwords extracted from a much larger set of exposed user passwords of all types. They filtered out all but those that were exactly four digits long: a very good proxy for the bank PINs and user-set lock combos that are (understandably) harder to obtain in large quantities.

As you can see from the table, 1-2-3-4 is wildly popular. Out of the 3.4 million, a crazy-high 364,242 choices (10.713%), were this simplistic sequence. Next up, all ones accounted for nearly one in every sixteen PINs. The rest are plainly obvious: every four-the-same sequence from 0-0-0-0 through 9-9-9-9, toggle patterns such as 1-2-1-2, 1-1-2-2, 1-3-1-3, 6-9-6-9, and a countdown 4-3-2-1. The only one you might not expect is 1-0-0-4, until you think of Jack Webb in Dragnet.

Not in the top twenty but still very popular are keypad patterns like 2-5-8-0 (going straight down the middle) or 1-3-9-7 (clockwise around the corners). Also high up in the list are all the MMDD combinations with the first M zero or one, the second M zero, one, or two, and DD running from one through 31. Then there are all the four-digit years starting in the early/mid 1900's. Aside from these generally-popular choices, you'd also be well advised to avoid choosing personally-linked info such as your address, portion of your telephone number, etc.

So now you know what numbers and patterns to avoid, how do you choose a truly random PIN? If you're fully confident in your ability to remember a "nonsense" number, just throw some dice (surprisingly handy items to keep in your desk drawer) or copy down the last four digits from your car's odometer. For a more easily recalled PIN or combination, first choose a word you'll always remember and convert the first four letters to corresponding numbers using your phone dial pad. If you're in the sciences or an (ex) engineer like me, there are scores of physical constants and unit conversion factors that are burned into your brain for all time. Just pick one and use the four most significant digits for your PIN. However, avoid Pi. 3141592654 is the seventeenth most popular ten-digit password according to an expanded study.

In this age of rampant hacking, cracking, ATM card skimming, and outright physical theft, things often come down to failure of the weakest link. Don't let that be your security code.


Return to Archive

(c) Copyright 2002-2013 Victor Urbach
This article
may be reprinted with permission and attribution