Pin numbers.
-
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png[^] Given that most (if not all ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things: 1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination. 2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
Banks (in India, most probably elsewhere too) block the login after three incorrect PIN entries (to unlock which the customer has to complete some formalities after visiting a bank branch). So, the customer has at least some protection.
-
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png[^] Given that most (if not all ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things: 1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination. 2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
I have yet to understand how PIN numbers are more secure than passwords. Face it, there are only 10,000 combinations, yet even an alphabetic, case insensitive, PIN would have 456,976 combinations. I would expect being able to brute force a pin number, regardless of length, would be easy for modern computers that can break 128-bit key based encryption systems in hours.
-
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png[^] Given that most (if not all ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things: 1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination. 2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
OriginalGriff wrote:
1234
"That's amazing. I've got the same combination on my luggage." :laugh:
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
Yeah - it's surprising how much human beings can skew what you might assume was pretty random data!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
-
I have yet to understand how PIN numbers are more secure than passwords. Face it, there are only 10,000 combinations, yet even an alphabetic, case insensitive, PIN would have 456,976 combinations. I would expect being able to brute force a pin number, regardless of length, would be easy for modern computers that can break 128-bit key based encryption systems in hours.
They are not necessarily safer, just a lot more convenient. I think the banking industry (where PIN are used a lot ) weighted the pros and cons of 4 or 5 digits PIN and decided that there is a risk, but it's manageable. Also, I can't imagine having an ATM with a full keyboard and my dad trying to enter his password.
CI/CD = Continuous Impediment/Continuous Despair
-
OriginalGriff wrote:
1234
"That's amazing. I've got the same combination on my luggage." :laugh:
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
They are not necessarily safer, just a lot more convenient. I think the banking industry (where PIN are used a lot ) weighted the pros and cons of 4 or 5 digits PIN and decided that there is a risk, but it's manageable. Also, I can't imagine having an ATM with a full keyboard and my dad trying to enter his password.
CI/CD = Continuous Impediment/Continuous Despair
Your pasword must contain ...[^]
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
-
No pattern? 7410 goes down one side of a standard keypad, while 8520 goes down the middle.
Asking questions is a skill CodeProject Forum Guidelines Google: C# How to debug code Seriously, go read these articles. Dave Kreskowiak
-
No pattern? 7410 goes down one side of a standard keypad, while 8520 goes down the middle.
Asking questions is a skill CodeProject Forum Guidelines Google: C# How to debug code Seriously, go read these articles. Dave Kreskowiak
-
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png[^] Given that most (if not all ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things: 1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination. 2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
I use the last 4 digits of old phone numbers I've had, like from my childhood. I'm not likely to forget them, and good luck tying them to me.
Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix
-
I use the last 4 digits of old phone numbers I've had, like from my childhood. I'm not likely to forget them, and good luck tying them to me.
Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix
honey the codewitch wrote:
good luck tying them to me.
My phone number (number*s*, now that I've joined the club and carry a phone) has had the same last 4 digits for my entire life... If I used that as my PIN, anyone who knows my phone number would have a pretty good chance at guessing it.
-
honey the codewitch wrote:
good luck tying them to me.
My phone number (number*s*, now that I've joined the club and carry a phone) has had the same last 4 digits for my entire life... If I used that as my PIN, anyone who knows my phone number would have a pretty good chance at guessing it.
You have the same phone number you did when you were a child? :confused:
Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix
-
7410 is down the left hand side of the number keys pad of a full size keyboard. 8520 is the middle, it gets zero too since the zero key is usually a double width key. No idea about the 7942 though.
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated. I’m begging you for the benefit of everyone, don’t be STUPID.
-
No pattern? 7410 goes down one side of a standard keypad, while 8520 goes down the middle.
Asking questions is a skill CodeProject Forum Guidelines Google: C# How to debug code Seriously, go read these articles. Dave Kreskowiak
That's what I get for responding to a stale screen and not updating before I post. Wasn't trying to steal thunder or anything.
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated. I’m begging you for the benefit of everyone, don’t be STUPID.
-
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png[^] Given that most (if not all ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things: 1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination. 2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
Now someone needs to pin this post. We should probably do it in numbers.
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated. I’m begging you for the benefit of everyone, don’t be STUPID.
-
I have yet to understand how PIN numbers are more secure than passwords. Face it, there are only 10,000 combinations, yet even an alphabetic, case insensitive, PIN would have 456,976 combinations. I would expect being able to brute force a pin number, regardless of length, would be easy for modern computers that can break 128-bit key based encryption systems in hours.
obermd wrote:
I have yet to understand how PIN numbers are more secure than passwords.
It is most likely a numeric pin and not a password because manufacturing and maintaining a numeric keypad ATM machine is far more economical than producing one with a full fledged QWERTY keyboard. It almost always comes down to the costs.
-
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png[^] Given that most (if not all ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things: 1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination. 2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt AntiTwitter: @DalekDave is now a follower!
-
I was looking at physical distances between keys and I see that in most cases where each value is far from the next value they tend to be "more rare". Or, stated another way, "if your finger is already there, you probably pick something closeby". If you typed a 2 you probably type a 1 or 3 or maybe 5 next. The physical layout of the keypad does a lot to "force" certain combinations, I think.
-
I use the last 4 digits of old phone numbers I've had, like from my childhood. I'm not likely to forget them, and good luck tying them to me.
Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix
-
I use the last 4 digits of old phone numbers I've had, like from my childhood. I'm not likely to forget them, and good luck tying them to me.
Check out my IoT graphics library here: https://honeythecodewitch.com/gfx And my IoT UI/User Experience library here: https://honeythecodewitch.com/uix
