Password Change: Aktuálně.cz Recommends | Online Security
Our digital lives often hinge on just four numbers. We enter them to unlock our phones, withdraw cash from ATMs, and access online banking. A PIN is a subtle, yet crucial, security feature. And, as data reveals, not all choices are created equal.
The Popularity Problem
Australian news outlet ABC analyzed 29 million PIN codes exposed in data breaches, gathered by the Have I Been Pwned? project – a service based in Australia that helps people determine if their information has been compromised. The results? Certain combinations are so common that guessing them presents almost no challenge to an attacker.
Weak or reused passwords are a constant concern. But how secure is your PIN? Those four digits unlock your phone and, with it, access to emails, banking apps, and work documents.
You might unlock your phone with a fingerprint or facial recognition. However, system updates, restarts, or other issues can force you to revert to entering your PIN. That’s when the strength of those four numbers truly matters.
The math is straightforward. A four-digit PIN offers a maximum of 10,000 combinations, from 0000 to 9999. While that sounds like many attempts, faster methods exist to crack certain codes. This is where a list of dangerous combinations becomes critical.
The analysis of over 29 million leaked PINs revealed that nearly one in ten people use the same four-digit code. This data created a ranking of the fifty most common combinations – ones everyone should avoid. If a journalist can discover these, so can a thief targeting mobile phones or payment cards.
Avoid Obvious Patterns
The most common PIN remains 1234, followed by 1111 and 0000. The top ten also includes 1342, 1212, 2222, 4444, 1122, 1986, and 2020. The full list of fifty most widespread combinations includes 4321, 2468, 2580, repeating sequences like 3333, 5555, 6666, 7777, 8888, and 9999, as well as several years from 1973 to 1984 and 2005. Dates of birth and significant anniversaries are consistently flagged as risky choices by security experts.
The recommendation is simple: avoid obvious sequences and repeating digits, as well as combinations with personal significance – those are the first ones attackers try. To prevent someone from accessing your phone when you’re distracted, forget birthdays, anniversaries, and aesthetically pleasing number sequences.
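The recommendation above can be enforced when a PIN is set. The following check is an added example, not code from the article or from the analysis it cites: the function name `pin_weaknesses`, the rule labels, the 1900-2099 year range and the optional `birth_date` parameter are assumptions, and the denylist holds only the PINs the article names, not the full top-fifty ranking.

```python
from datetime import date

# Only the PINs the article names explicitly; the full top-fifty list is not on the page.
ARTICLE_PINS = {
    "1234", "1111", "0000", "1342", "1212", "2222", "4444", "1122", "1986",
    "2020", "4321", "2468", "2580", "3333", "5555", "6666", "7777", "8888",
    "9999", "2005",
}


def pin_weaknesses(pin, birth_date=None):
    """Return the reasons a four-digit PIN is predictable; an empty list means none found."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be exactly four ASCII digits")
    d = [int(c) for c in pin]
    all_same = len(set(d)) == 1
    reasons = []
    if pin in ARTICLE_PINS:
        reasons.append("listed in article")
    if all_same:
        reasons.append("repeated digit")
    # Constant non-zero step between digits, modulo 10: 1234, 4321, 2468, 8901.
    steps = {(b - a) % 10 for a, b in zip(d, d[1:])}
    if len(steps) == 1 and not all_same:
        reasons.append("arithmetic sequence")
    if pin[:2] == pin[2:] and not all_same:
        reasons.append("repeated pair")  # e.g. 1212
    if d[0] == d[1] and d[2] == d[3] and not all_same:
        reasons.append("doubled pairs")  # e.g. 1122
    if 1900 <= int(pin) <= 2099:
        reasons.append("year-like")  # assumed range for birth and anniversary years
    if birth_date is not None:
        b = birth_date
        forms = {f"{b.day:02d}{b.month:02d}", f"{b.month:02d}{b.day:02d}",
                 f"{b.year:04d}", f"{b.month:02d}{b.year % 100:02d}",
                 f"{b.day:02d}{b.year % 100:02d}"}
        if pin in forms:
            reasons.append("matches birth date")
    return reasons


if __name__ == "__main__":
    # Constructed sample input: candidate PINs and a made-up birth date.
    for candidate in ("1234", "1122", "1986", "0703", "7391"):
        print(candidate, pin_weaknesses(candidate, birth_date=date(1990, 3, 7)))
```

A PIN that returns an empty list is only free of the patterns checked here; the result says nothing about whether it appears elsewhere in the leaked data.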
The history of the PIN is also noteworthy. While often credited to James Goodfellow, who patented the technology in 1966, Mohamed M. Atalla also filed a patent in 1972 for a system verifying PINs using a hardware security module. His device, commercially released in 1973 as the Identikey (or Atalla Box), was the first PIN-reading card reader. This is why Atalla is sometimes, though confusingly, called the father of the PIN code.
Since then, the four-digit code has become a global standard. Despite its simplicity, it remains a cornerstone of security, either as a standalone protection or as a backup for biometric methods. Its widespread use and simplicity, however, invite complacency.
The data from the analysis of 29 million leaked codes is a warning: if you use one of the fifty most common combinations, you are far from alone. And that’s the problem. In security, blending in doesn’t necessarily make you less visible. Quite the opposite. The more common a choice, the more likely an attacker is to try it first.
Frequently Asked Questions
What was the most common PIN code found in the analysis?
The most common PIN code identified in the analysis was 1234.
How many PIN codes were analyzed in the study?
The analysis examined over 29 million PIN codes that had appeared in databases following data breaches.
Why are dates of birth considered risky PIN choices?
Dates of birth and significant anniversaries are considered risky because attackers often try these as potential PINs.
Are you among the millions using a predictable PIN code?