It doesn't take a rocket scientist to tell you most people are lax about password security...until it's been compromised. Actually, it does take a (former) rocket scientist: Nick Berry, formerly of Microsoft and now a data privacy advocate, crunched the numbers and discovered the sobering fact that almost 11% of 4-digit PINs rely upon "1234". He also discovered the least common 4-digit code, alongside some other unusual top #20 choices...

The next most popular 4-digit PIN [after "1234"] in use is 1111 with over 6% of passwords being this.
In third place is "0000", with almost 2%.
A table of the top 20 found passwords is shown at the right. A staggering 26.83% of all passwords could be guessed by attempting these 20 combinations!
(Statistically, with 10,000 possible combinations, if passwords were uniformly randomly distributed, we would expect these twenty passwords to account for just 0.2% of the total, not the 26.83% encountered.)
Looking more closely at the top few records, all the usual suspects are present 1111 2222 3333 ... 9999 as well as 1212 and (snigger) 6969 .
It's not a surprise to see patterns like 1122 and 1313 occurring high up in the list, nor 4321 or 1010 .
2001 makes an appearance at #19. 1984 follows not far behind in position #26, and James Bond fans may be interested to know 0007 is found between the two of them in position #23 (another variant 0070 follows not much further behind at #28).
And the least common 4-digit PIN? "8068", with only 25 occurrences among the 3.4 million PINs in Berry's dataset. He does note it wouldn't be prudent to change your PIN to "8068" now that the sequence has been publicly outed.
Other fascinating tidbits from Berry's very detailed (and equally entertaining) study:
Check out Nick Berry's complete PIN Analysis post over at the DataGenetics blog.
(Image: Gregory Han)
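As an added illustration (not part of this post or of Berry's analysis), the Python below screens a 4-digit PIN for the predictable classes the post mentions (repeated digits, runs like 1234, pairs like 1212 and 1122, years, and a few listed favourites) and quantifies how much of a dataset a handful of guesses covers against the uniform 1-in-10,000 baseline. The PIN counts at the bottom are constructed to echo the post's percentages; they are not Berry's data.

```python
"""Weak-PIN screening and guess-coverage estimate (added example, constructed data)."""
from collections import Counter
from typing import Optional

# Named in the post's top 30 but not caught by a pure pattern rule.
KNOWN_POPULAR = {"6969", "0007", "0070"}


def is_weak_pin(pin: str) -> Optional[str]:
    """Return why a 4-digit PIN is predictable, or None if no rule fires."""
    if len(pin) != 4 or not pin.isdigit():
        return "not four digits"
    d = [int(c) for c in pin]
    steps = {b - a for a, b in zip(d, d[1:])}
    if steps == {0}:
        return "repeated digit"          # 0000, 1111 ... 9999
    if steps in ({1}, {-1}):
        return "digit run"               # 1234, 4321
    if pin[:2] == pin[2:]:
        return "repeated pair"           # 1212, 1313, 1010
    if d[0] == d[1] and d[2] == d[3]:
        return "doubled digits"          # 1122
    if 1900 <= int(pin) <= 2029:
        return "looks like a year"       # 2001, 1984
    if pin in KNOWN_POPULAR:
        return "on popular-PIN list"
    return None


def weak_pin_count() -> int:
    """How many of the 10,000 possible PINs these rules would reject."""
    return sum(1 for n in range(10000) if is_weak_pin(f"{n:04d}"))


def top_n_coverage(counts: Counter, n: int) -> tuple:
    """(share of all PINs hit by the n most common guesses, uniform baseline n/10000)."""
    total = sum(counts.values())
    observed = sum(c for _, c in counts.most_common(n)) / total
    return observed, n / 10000


def sample_counts() -> Counter:
    """Constructed sample of 1,000 PINs: 11% '1234', 6% '1111', 2% '0000', rest unique."""
    counts = Counter({"1234": 110, "1111": 60, "0000": 20})
    for n in range(810):
        counts[f"{5000 + n:04d}"] += 1
    return counts


if __name__ == "__main__":
    print("rejected PINs:", weak_pin_count())
    print("3-guess coverage vs uniform:", top_n_coverage(sample_counts(), 3))
```

With a three-attempt lockout, the coverage figure is the chance a guesser gets in before the lockout fires, which is why skewed PIN choice, not the keyspace size, sets the real risk.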

I learned a trick from an old friend. Use the last 4 digits of your childhood house phone, or better yet, your grandmother's phone. If you were born before 1990 you should remember it.
Passwords and PINs in general have become insanely difficult to manage. The number of apps, websites and work functions that require them is through the roof, and they are requiring increasingly complex and lengthy strings with each passing year. Almost everyone I know keeps a list of passwords in their cellphone or, worse yet, written on a piece of paper. I understand that this is to combat identity theft, so I'm not against it -- but I don't know how I'll manage when I'm forced to enter 10 eight-digit passwords a day that contain random characters and need to be changed every 30 days.
I use LastPass to manage my passwords now, and generate random alphanumeric passwords for all but the most important sites (where I can't afford to not know my password). I don't have to remember passwords to a hundred different sites, I don't share passwords across accounts, and I don't have passwords written down in an insecure place! Other methods of password management are to create a secret "formula" that depends on some unique information, like a site's domain name or a device's name. Then you don't have to remember a bunch of different passwords - just a formula like, "stick the first three letters on the end of the domain name and replace Os with Y," or whatever.
"Hurrah for math! In position #17 of the ten digit password list we get 3141592654 (The first few digits of Pi)"
This one was interesting! The eleventh digit of pi is a 5, so the "tenth digit of Pi" can be either a 3 or a 4, depending on if the writer is rounding or truncating. I will admit I'm surprised that the rounded version is more common!
ITA, particleman. The thing that drives me the most crazy is the number of websites that make me have these crazy passwords for stuff that's not really that important.
A trick I often use for numeric-only PINs is to spell out a name using the letters on a telephone keypad.
I have three words and four sets of numbers which I use to make my passwords. If I ever forget, it's some combo of the two.
Along the same lines as bluemamie's post above, I use the numbers of my grandparents' street address from when I was a child. I've been using it forever. It's not a full 4 digits, so I use zeros as placeholders, but I won't tell you if they're before or after the house number! :D
If passwords are supposed to be secret, then how did Mr. Berry get the data?
"All the usual suspects occur, but a new addition is the puerile addition in position #20 of the concatenation of ...".
Excuse me?
I use the street address numbers of my childhood home, as well as the mm-dd of my parents and brother.
PINs and passwords are a terrible burden for those of us who have lousy memories! Brings out the Luddite in me!
Oh, dear, loopilu, I do something like that. I thought it was original.
I have taken to rolling a d10 to generate random numbers...dorky, but it works! None of them are in that top 20! :)
After getting frustrated trying to remember them all I started using KeePass and now I only have to remember one pass phrase. The rest of them are safely locked in its database. It's easy to use and I especially like the password generator - just tell it how complex you'd like it to be and voila.
If you have problems remembering passwords (not necessarily PINs) then try using variations of the same password. Like, if your password is, for example, smith2000, try changing it up for different sites with SmItH200o, or Smith2000sMITH, etc. You might still have to keep track on paper, but at least you know what range it's in!
every post about password strength makes me remember this
http://xkcd.com/936/
I know I do a stupid thing, but I still do it. I use the same password for a lot of things. But I can only remember so much, so something has to give. If there could be a nice standard, that would help. Sites keep on adding the next thing, more characters, caps, numbers, symbols, emoticons, haikus...
For my ATM, I kept the randomly generated PIN the bank machine spit out when I originally activated it. It feels safer because I didn't create it, it's not mnemonic, and has no tie to anywhere I've lived, any phone number, birthday, etc. But I can't remember a whole lot of numbers like that, and I have a whole lot of passwords and PINs!
I was wondering the same thing.
My sister asked me to guess her Amazon password. Took me one try. Good thing I'm honest, or i could buy a lot of books on her dime.
Snigger...don't you mean 'snicker'? What's a snigger? (The comment you made after the 6969 reference.) I know what you meant -- I think...but I know what you wrote...
My own trick is to use themes: city zip codes (the one you dream of visiting), birthdays of celebrities or places from books.... So a good password could be your favorite quote from a book or a Bible verse, for example "HarryPotter3107" (the character's birthday) or "Dumasp145" ("p" for page).... Mark the page by folding the corner; no one will know.
Sorry to say, snigger is the UK equivalent to snicker. Unfortunately for u GIT, when somebody is a git basically they are an a**hole in the UK. No joke, sorry, but it did make me chuckle how somebody with the name git was correcting somebody's spelling. Lol irony.
I use a telephone number I know from heart from childhood.
because that's what researchers do.