Monday, October 8, 2012

One More Security Post - How Safe Is Your PIN?

A couple of weeks ago, an intrepid security researcher compiled PIN data from a number of different security breaches to get a picture of how people actually choose their PINs (note that "PIN number" is redundant: the "N" in PIN already stands for "number"). What did he learn?

In an ideal world, PINs would follow a uniform distribution, meaning every one of the 10,000 four-digit combinations would be equally likely, because people would use randomly assigned PINs. Of course, people don't do that, and clear patterns emerge when you look at PINs in the real world. One of the more interesting graphs from the PIN analysis:


This chart shows a couple of interesting things:
  1. PINs of the form 19xx are among the most popular, almost certainly because people use birth years or anniversaries. Don't do this: the birthdays and anniversaries of you and your immediate family are easy for an attacker to find out.
  2. The most common PINs are used a lot. One third of all PINs could be guessed by trying only 61 distinct combinations (many of them 19xx), and 50% could be guessed with only 426 combinations. If PINs were uniformly distributed, covering half of them would take 5,000 guesses. This matters most where guesses are cheap; an ATM usually locks the card after three wrong PINs, so the practical question is whether your PIN sits in an attacker's first handful of guesses.
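The "how many guesses cover a third (or half) of all users" figures above come from sorting the observed PINs by frequency and walking down that list. The following is an added example, not code from the original post or from the researcher's analysis; it computes that guess count for any frequency table and compares it with the uniform-distribution baseline. The sample population it builds is constructed for the example (a handful of popular PINs plus 710 unremarkable ones) and is not the breach data.

```python
from collections import Counter
from math import ceil


def count_pins(lines):
    """Build a frequency table from one PIN per line (e.g. a breach dump).

    Lines that are not exactly four digits are skipped, since the analysis
    in the post is about four-digit PINs only.
    """
    counts = Counter()
    for line in lines:
        pin = line.strip()
        if len(pin) == 4 and pin.isdigit():
            counts[pin] += 1
    return counts


def guesses_for_coverage(pin_counts, fraction):
    """Distinct PINs an attacker must try, most common first, to cover at
    least `fraction` of the users in `pin_counts`."""
    total = sum(pin_counts.values())
    target = fraction * total
    covered = 0
    for guesses, (_pin, n) in enumerate(pin_counts.most_common(), start=1):
        covered += n
        if covered >= target:
            return guesses
    return len(pin_counts)  # every observed PIN tried (fraction > 1 or empty table)


def uniform_guesses(fraction, space=10_000):
    """Guesses needed for the same coverage if every PIN were equally likely."""
    return ceil(fraction * space)


def build_sample_population():
    """Constructed toy population of 1,000 users (not real data)."""
    pins = Counter({"1234": 100, "1111": 60, "0000": 40, "1212": 20, "7777": 20,
                    "1984": 10, "1985": 10, "1986": 10, "1990": 10, "2000": 10})
    # 710 more users, each with a distinct, otherwise unremarkable PIN
    for n in range(3000, 3710):
        pins[f"{n:04d}"] += 1
    return pins


if __name__ == "__main__":
    population = build_sample_population()
    for frac in (1 / 3, 0.5):
        print(f"{frac:.0%}: {guesses_for_coverage(population, frac)} guesses "
              f"(uniform: {uniform_guesses(frac)})")
```

Run against a real dump, `count_pins(open("pins.txt"))` gives the table and `guesses_for_coverage(table, 0.5)` the figure the post quotes; on the toy population the skew is already visible, with 54 guesses covering a third of users and 220 covering half, against 3,334 and 5,000 for a uniform distribution.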
Someone put together an infographic with a good deal of useful information about how to improve your own PIN security. It is striking how many people use such weak PINs; small wonder that electronic theft is on the rise.

If you need to improve your PIN security, keep the random PIN the bank issued when you opened the account, or use PWGen (see my previous post on security) to generate a random PIN yourself. Either way, check the result against the popular PINs from the analysis and generate a new one if it is one of them (or a 19xx year). Rejecting a few hundred weak values out of 10,000 barely shrinks the space an attacker has to search, so the check costs you almost nothing.
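One way to do that check automatically, as an added example that is not part of the original post and not PWGen's own code: draw the PIN from the operating system's CSPRNG and reject anything matching the patterns the post warns about (19xx years, repeated digits, keypad runs, and a short blocklist). The blocklist below is illustrative and constructed for this example, not the researcher's table; `count_strong_pins` shows how little of the 10,000-value space the rejections cost.

```python
import secrets

# Illustrative blocklist (constructed for this example; not the researcher's table).
COMMON_PINS = {"1234", "1111", "0000", "1212", "7777", "2580", "4321", "1122", "1010", "2000"}


def is_weak(pin: str) -> bool:
    """True if a four-digit PIN matches one of the predictable patterns."""
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("PIN must be exactly four digits")
    if pin in COMMON_PINS:
        return True
    if len(set(pin)) == 1:             # 0000, 1111, ..., 9999
        return True
    if pin.startswith("19"):           # birth years and anniversaries (19xx);
        return True                    # add "20" here if you want to cover 20xx too
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps == {1} or steps == {-1}:  # keypad runs: 0123 ... 6789, 9876 ... 3210
        return True
    return False


def count_strong_pins() -> int:
    """How many of the 10,000 four-digit PINs survive the filter."""
    return sum(1 for n in range(10_000) if not is_weak(f"{n:04d}"))


def generate_pin() -> str:
    """Uniformly random PIN from the non-weak set, using the OS CSPRNG."""
    while True:
        pin = f"{secrets.randbelow(10_000):04d}"
        if not is_weak(pin):
            return pin


if __name__ == "__main__":
    print("usable PINs:", count_strong_pins())
    print("your PIN:", generate_pin())
```

Rejection sampling keeps the surviving PINs uniformly distributed, so the generator does not introduce a pattern of its own. The filter removes 129 values, leaving 9,871, which is why the post's advice to re-roll a popular PIN costs essentially no strength.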
