Is your PIN too easy to guess?

By Claes Bell, CFA · Bankrate.com
Monday, September 24, 2012
Posted: 3 pm ET

Is the personal identification number on your debit card your birth year? A year made famous by a movie title? The same digit repeated four times? It might be time to change it.

A new study by data analysis firm DataGenetics shows many consumers are making it way too easy for thieves to guess their PINs. Researchers combed the Internet for account numbers and PINs exposed by data breaches and looked at the PINs people chose. Overall, they found that thieves could unlock "a staggering 26.38 percent" of PIN-protected accounts by trying just 20 combinations out of a possible 10,000.

That's important because many systems that use PINs tend to lock an account once someone makes more than a certain number of incorrect guesses. If a thief can guess the PIN in just a few tries because it's one of the most common, they may be able to gain access and clean out your checking account before it's locked.

Unfortunately, the study found that lots of people use some fairly obvious PINs.

  • Nearly 11 percent of the accounts surveyed had "1234" as their PIN.
  • Repeated digits were popular. More than 6 percent use "1111" and almost 2 percent use "0000."
  • PINs from movies were also popular, with "1984," "2001," "0007" and "0070" (for James Bond) in the top 30 PINs overall.
  • PINs that started with "19," probably marking an anniversary, birth year or some other important date for that person, made the list.

So what number should you use? Random numbers with no special significance may be hard to remember, but they do make the best PINs. DataGenetics found the number "8068" was the least-used PIN, but cautioned readers against using it on the grounds that hackers can read, too.

What do you think? Are people who pick an obvious PIN putting themselves in danger?

Follow me on Twitter: @ClaesBell.

12 Comments
Allah AckBarf
October 05, 2012 at 8:17 am

Any suggestions given here have been known by hackers for decades.

This stuff is nothing new. For some good discussions on ATM security and skimming devices (with pictures of what to look for) visit krebsonsecurity.com

Arm yourselves with the knowledge that the scammers already have.

More digits is pretty good advice.