Over at Data Genetics there’s a great analysis of PINs. By aggregating data from several breaches, Nick Berry gathered 3.4 million PINs and performed an extensive analysis of them. Every possible value was represented in the sample, but they were far from uniformly distributed. It will be no surprise to regular Irreal readers that the most common PIN was 1234¹ at almost 11%. Incredibly, the top 5 (1234, 1111, 0000, 1212, 7777) account for over 20% of the PINs. In terms of the iPhone and its automatic wipe after 10 failed attempts, an attacker has an over 23% chance of getting the correct PIN just by guessing the most popular ones.
There’s a lot more to Berry’s analysis than the most and least popular PINs. The post is long and detailed and contains a huge amount of information. If you use PINs (and who doesn’t?), I really recommend that you take a look at it. PINs, of course, are not particularly secure, but they are used all over the place, and there’s no reason to be using an obvious one. Consider this: if a random person loses his ATM card, a dishonest finder has an over 18.6% chance of picking the correct PIN in 3 tries by guessing 1234, 1111, and 0000. Would your account be disgorging funds?
¹ Unless you’re the French Central Bank, in which case your PIN is 123456.