
The World's Least-Popular Four-Digit PIN: 8068 - sethammons
http://www.slate.com/blogs/future_tense/2012/09/19/how_to_choose_a_pin_code_avoid_birth_date_1234_or_8068.html
======
pilom
> Data Genetics came up with the numbers by analyzing a database of 3.4
> million stolen passwords that have been made public over the years. Most of
> these are passwords for websites. But by looking specifically at those that
> comprise exactly four characters, all of which are numerals, the researchers
> figured they could get a decent proxy for ATM PINs as well.

That seems like an incredibly faulty assumption. Most pins are auto-generated
randomly and then you are given the option to change them if you choose. Most
passwords are not. I'd guess that PINs would be FAR more random than 4 digit
passwords.

~~~
gregschlom
In the US at least, all banks I've had accounts with asked me to choose a PIN.

In France, I got a random PIN every time, except when the card expired, in
which case the new card had the same PIN as the old card.

~~~
Vespasian
> In France, I got a random PIN every time, except when the card expired, in
> which case the new card had the same PIN as the old card.

Same in Germany with several banks I used.

------
onion2k
I'm tempted to write a script that takes the article text and replaces the
most common PINs with random alternatives picked from 9999 of the 10000
possibilities, and then shares it to social media to get people to see it. One
PIN, my special chosen PIN, would never be seen. That way, after enough people
see a random version of the article and change their PIN because they think
it's a common one, eventually my chosen PIN would be _slightly_ more common
than the rest.

I'm gonna be rich!

~~~
ianai
Ah yes, the "??? Profit!" business plan. Always, 100% successful.

------
dzdt
I recently got the following text message from Verizon:

    
    
      FREE VZW MSG: The security 
      of your Verizon account is
      extremely important to us. 
      Your personal identification 
      number (PIN) or password does
      not meet our new security 
      requirements. Please log
      into your My Verizon account 
      and select a new 4-digit 
      PIN as soon as possible.
    

My PIN was not in the top 20 but probably in the top 200. But how is requiring
a 4 digit PIN at all compatible with "security is extremely important to us"?
And how many PINs do you suppose they blacklist?

~~~
Freestyler_3
The easiest ones are blacklisted, for example: 4 repeating numbers and 1234.

The 4 digit pin is not secure. It is like my bank telling me I can't use
special characters in my password for online access and max length is 20 chars
but way way worse.

My bank card has a 4 pin code that I need to enter when purchasing items, it's
a minor security, but it doesn't need to be more complicated. If I lose my card I
will have to call to block it. If my card gets duped then they probably know a
way to see me enter my pin. (agreement with bank states that in many cases I
will get my money refunded if stolen)

For a thing like voicemail, if it's accessible without taking or copying your
sim, it is a bad security measure. The other required data is often easily
obtained. (postcode, birthyear, etc)
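
Added example (not part of any comment in this thread): a sketch of the kind of PIN denylist discussed above, counting how many of the 10,000 four-digit PINs it rejects. The three rules (all digits equal, a run such as 1234 or 4321, a DDMM/MMDD calendar date) and the function names are assumptions for illustration, not any bank's or carrier's actual policy.

```python
from calendar import monthrange

LEAP_YEAR = 2000  # any leap year, so that 29 February counts as a date


def _is_calendar_day(day: int, month: int) -> bool:
    """True if day/month is a real calendar day (leap years included)."""
    return 1 <= month <= 12 and 1 <= day <= monthrange(LEAP_YEAR, month)[1]


def weak_pin_reason(pin: str):
    """Return why a 4-digit PIN is denied, or None if it passes.

    Assumed rules, checked in this order:
      "repeated"  all four digits equal (0000, 1111, ...)
      "sequence"  consecutive run up or down (1234, 4321, ...)
      "date"      readable as DDMM or MMDD
    """
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be exactly four ASCII digits")
    digits = [int(c) for c in pin]
    if len(set(digits)) == 1:
        return "repeated"
    # A run has the same step (+1 or -1) between every pair of neighbours.
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if steps in ({1}, {-1}):
        return "sequence"
    first, second = int(pin[:2]), int(pin[2:])
    if _is_calendar_day(first, second) or _is_calendar_day(second, first):
        return "date"
    return None


def denylist_summary() -> dict:
    """Count denied PINs per rule across the whole 0000-9999 space."""
    counts = {}
    for n in range(10_000):
        reason = weak_pin_reason(f"{n:04d}")
        if reason is not None:
            counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    summary = denylist_summary()
    print(summary, "total denied:", sum(summary.values()))
```

Because the rules are checked in order, a PIN matching two rules (1111 is also 11 November, 0123 is also 23 January) is counted once, under the first rule that matches.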

~~~
Theodores
I beg to differ about 4 repeating numbers. I have such a number, allocated by
a bank. As I see it nobody is ever going to guess my pin because they would
assume it was blacklisted. I also get to do a different dance entering in the
pin in public places because I have to pretend I am typing anything other than
just the same number, at places where security is not a problem I can breeze
through entering my pin nice and quickly.

I have not felt the urge to request a change of pin from 'one number' to four.

~~~
Freestyler_3
It all depends on country and bank. They are more often blacklisted than not.
Funny, how you have to dance around entering your pin. I can enter my 4
different digits so fast with almost the same intervals that it seems like I
am entering 4 same digits.

Unfortunately many pins are stolen by skimming, they sometimes place a whole
cover over the ATM. Not taking function away but just copying all cards and
filming all codes being entered or having an overlay on the keys.

------
biofox
My brain initially misread that as 8086. I started to wonder if people might
have an aversion to using processor model numbers due to their familiarity...
but apparently not.

~~~
agumonkey
Ha, funny, me too.

------
nerevarthelame
Their methodology (not having actual access to PINs and trying to infer from
numbers in passwords) may be flawed.

I work for a company that, a long time ago, used 4-digit PINs for account
security. Our historical data (covering millions of accounts) shows that,
overwhelmingly, the least-common PINs are those that start with the digit "0",
which makes sense to me as a counter-intuitive PIN selection.

Their comments about the most-common PINs do seem generally accurate, based on
my data.

------
johan_larson
What's the current state of the art in keeping track of passwords and PINs? I
have a folder in my house full of various papers and cards with passwords and
PINs dating back to the mid-nineties. Surely not the best solution, but at
least I don't carry the thing on me or put the data online.

~~~
NoGravitas
I think the standard would be to use a password manager such as KeePass, with
a long random passphrase such as five to six words chosen truly randomly from
a large dictionary.

A folder or notebook in your house is not terrible, actually, since it lets
you avoid reusing passwords (though it won't generate strong passwords for you
like a password manager will). Harder to back up. You might want to keep it in
a fireproof safe.

------
tallowen
> Researchers at the data analysis firm Data Genetics

Also known as cool guy who works as a data analyst at Facebook:
[https://www.facebook.com/nick.berry](https://www.facebook.com/nick.berry)

He also has a ton of other cool blog posts that I find pretty thought
provoking:
[http://datagenetics.com/blog.html](http://datagenetics.com/blog.html)

For example:
[http://datagenetics.com/blog/may32013/index.html](http://datagenetics.com/blog/may32013/index.html)

------
rbobby
I have a new pin! Wait... no I don't! Everyone ignore what I just said.

~~~
ErikVandeWater
Since it's on HN it is now the most common pin of tech ceos and sysadmins.

------
Declanomous
Surprisingly, 1337 does not seem to be a particularly common PIN. Perhaps
individuals who find 1337 entertaining are tech savvy enough to realize you
shouldn't use common meme numbers for PINs?

Edit: ZIP Codes are 5 digits. Not entirely sure how I screwed that one up.

~~~
Nadya
> Also, I bet the prevalence of 6 digit numbers is in part due to US ZIP
> Codes being 6 digits. It would be interesting to break down the 6 digit ZIPs
> into valid and non-valid ZIP codes.

More likely because of DDMMYY instead of DDMM or MMYY (or the inverses).

Example, release date of a Led Zeppelin album: 032873

~~~
Declanomous
That makes sense.

As other people have pointed out, ZIP codes are also 5 digits. Not entirely
sure why I thought they were six, considering a quarter of my job is building
systems that process mailing data. I'm going to blame this on an extended case
of the Mondays.

------
LeoPanthera
Well not anymore.

------
theonemind
Slightly off topic: my ATM PIN is 8 digits long, has been for about 10 years.
Never had a problem at any machine or POS. I don't know if everyone knows
longer PINs work. I think you can go up to 12 digits.

------
SeanDav
8068 just became far more popular!

------
pasbesoin
"Formerly..."

------
visarga
Not for long!

