How Common Is Your PIN? (datagenetics.com)
phantomfive writes: We've seen password frequency lists; here is an analysis of PIN frequency with a nice heatmap towards the bottom. There is a line for numbers starting with 19*, which is the year of birth, a cluster around MM/DD for people's birthdays, and a hard diagonal line for the same digit repeated four times.
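An added example, not part of the original post or the linked analysis: a Python check that tags a 4-digit PIN with the three patterns the summary names and counts how much of the 10,000-PIN space they cover, as a bank or app might do when screening PINs at enrollment. The function names and pattern labels are assumptions made for illustration.

```python
from calendar import monthrange


def pin_patterns(pin: str) -> set[str]:
    """Return the guessable patterns (hypothetical labels) a 4-digit PIN matches."""
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("expected exactly four digits")
    found = set()
    # The "19*" line in the heatmap: a birth year in the 1900s.
    if pin.startswith("19"):
        found.add("year-19xx")
    # The MM/DD cluster: a valid calendar date. 2000 is used as the
    # reference year because it is a leap year, so 0229 is accepted.
    month, day = int(pin[:2]), int(pin[2:])
    if 1 <= month <= 12 and 1 <= day <= monthrange(2000, month)[1]:
        found.add("date-MMDD")
    # The hard diagonal: one digit repeated four times.
    if len(set(pin)) == 1:
        found.add("repeated-digit")
    return found


def coverage() -> dict[str, int]:
    """Count how many of the 10,000 possible PINs fall into each pattern."""
    counts = {"year-19xx": 0, "date-MMDD": 0, "repeated-digit": 0, "any": 0}
    for n in range(10_000):
        hits = pin_patterns(f"{n:04d}")
        for name in hits:
            counts[name] += 1
        if hits:
            counts["any"] += 1
    return counts


if __name__ == "__main__":
    for sample in ("1984", "1111", "0229", "0230", "7777"):  # constructed samples
        print(sample, sorted(pin_patterns(sample)) or "no pattern")
    print(coverage())
```

The three patterns together cover under 5% of the possible PINs, which is why a heavy concentration of real choices inside them shows up so clearly on a heatmap.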
Those 1234 passwords that people always talk about, those are just from temporary e-mail addresses that people create when they want something anonymous.
I've created plenty of accounts with incredibly easy passwords, because I only used them once and didn't care if the accounts would be hacked a minute after creation.
PIN numbers are not the same thing as passwords.
This is not an analysis of PIN frequency, it's an analysis of 4-digit numeric-only passwords.
Just a quick overview, but it appears the selection of PINs obeys Benford's Law.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Which is monumentally STUPID! That leads to people writing it down just so they can remember it. I can see my idiot brother even writing it on the card so he doesn't have to remember it!
People get all panicked about "writing down their passwords." I have never seen a case where a hacker was able to reach through the internet and shoulder surf that piece of paper. Offline analog storage has a much better security profile than the average bureaucrat's Excel spreadsheet full of passwords.
Sure, local attacks on the paper are possible, but extremely rare when compared to online attacks. Paper records have a much lower risk profile.
John
Back in the eighties, I was opening a bank account and the guy told me to pick a PIN. I pulled out my trusty Casio programmer's calculator, hit the random button 4 times, and wrote down the last digit of each.
So, no. You're not alone.
John
I've never seen anyone needing a cheat-sheet to enter their PIN around here. So, it appears that the French population at large is able to remember a 4-digit number.
I'm sorry to hear that the average American is unable to do that.
By the way, the way it's done, they give you your credit card at the counter or in the mail, and send you your PIN in a separate mail; your banker never knows the PIN either. The mail with the PIN contains safety instructions: memorize it, keep it confidential, never store it along with the card, and, apparently, people are able to follow these instructions. The PIN is permanent, so when the card expires, by default the next card will have the same PIN. It's only if your card has been stolen or otherwise compromised that they will issue you a new PIN.
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.