Despite a rise in credit card fraud, the most commonly used PIN is still 1234, with 1111 and 0000 coming in second and third.
Research has revealed that one in ten codes is so obvious it would take criminals just one attempt to guess it correctly, while more than a quarter of the codes are used so often they can be guessed in fewer than 20 attempts.
The study from DataGenetics analysed 3.4 million four-digit codes and found that many people use birth years as PINs, making it even easier for hackers to guess a code simply by finding out a person’s age from online accounts.
Research from security experts McAfee has found that 17 per cent of people in Europe have been victims of credit card fraud, at a cost of £1,076 per person.
Last year the total cost of credit card fraud in the UK from criminals hacking and cloning cards was £42.1 million and the total amount of fraud committed through all credit card-related crimes was £388 million.
There are 10,000 possible combinations for four-digit PIN codes using 0 to 9.
DataGenetics used data from previously released password tables and security breaches.
By combining the password databases, researchers filtered the results to show just four-digit numbers and were able to analyse 3.4 million four-digit passwords.
They discovered that all of the possible 10,000 combinations – from 0000 to 9999 – were found in the data list.
The most popular password was 1234, but the number of times this number occurred ‘staggered’ the researchers – almost 11 per cent of the 3.4 million passwords were 1234.
This PIN was also more popular than the 4,200 codes at the bottom of the list combined.
The next most popular four-digit PIN was 1111, used more than 6 per cent of the time.
In third place was 0000 at two per cent.
DataGenetics compiled a list of the top 20 passwords and found that 26.83 per cent of all the passwords in the list could be guessed by attempting these 20 combinations.
The researchers said: ‘Statistically, with 10,000 possible combinations, if passwords were uniformly randomly distributed, we would expect these twenty passwords to account for just 0.2 per cent of the total, not the 26.83 per cent encountered.’
The more popular password selections dominate the frequency tables and the study found that 10 per cent of PINs could be guessed correctly first time.
More than 20 per cent could be guessed by using just five attempts and statistically, one third of all codes could be guessed by trying just 61 distinct combinations.
The data found that the least-used code was 8068 with just 25 appearances in 3.4 million – far fewer than random distribution would predict.
The researchers also noted that many of the high-frequency PINs could be interpreted as years because many began with 19, for example, 1984, 1967 and so on.
This could be a birth year or anniversary and if a hacker can guess someone’s age, or even obtain it through birth records or online accounts, for example, they could make an educated guess at the PIN.
In fact, every single combination beginning with 19 appeared in the top fifth of the list.
The majority of PINs in the DataGenetics list began with the number one, which may be due to the popularity of using birth years.
The numbers zero and two were also popular.
The research found that the higher the number from 0-9, the lower its frequency at the start of the code.
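The kind of analysis described above can be reproduced on any password list, for instance to decide which PINs an enrolment system should refuse. The following is an added example, not DataGenetics' code; the sample list, the function names and the 5 per cent rejection threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample standing in for a combined password list (not real data).
SAMPLE = (["1234"] * 11 + ["1111"] * 6 + ["0000"] * 2 + ["1984"] * 3
          + ["1967"] * 2 + ["8068", "7291", "4530", "9016", "3847", "5602"]
          + ["password", "12345", "abcd", "12a4"])

def four_digit_pins(passwords):
    """Keep only entries that are exactly four ASCII digits."""
    return [p for p in passwords if len(p) == 4 and p.isascii() and p.isdigit()]

def cumulative_coverage(pins, n):
    """Share of entries whose PIN is among the n most frequent values."""
    top = sum(count for _, count in Counter(pins).most_common(n))
    return top / len(pins)

def uniform_expectation(n, space=10_000):
    """Share n distinct PINs would cover if all 10,000 were equally likely."""
    return n / space

def guesses_to_cover(pins, target):
    """Fewest distinct PINs, in popularity order, covering at least `target`."""
    covered = 0
    for tried, (_, count) in enumerate(Counter(pins).most_common(), start=1):
        covered += count
        if covered / len(pins) >= target:
            return tried
    return None

def year_like_share(pins, prefix="19"):
    """Share of PINs that read as a year beginning with `prefix`."""
    return sum(1 for p in pins if p.startswith(prefix)) / len(pins)

def blocklist(pins, max_share):
    """PINs whose individual share exceeds max_share; reject these at enrolment."""
    total = len(pins)
    return {pin for pin, count in Counter(pins).items() if count / total > max_share}

if __name__ == "__main__":
    pins = four_digit_pins(SAMPLE)
    print(f"{len(pins)} four-digit entries")
    print(f"top 3 cover {cumulative_coverage(pins, 3):.1%}, "
          f"uniform would give {uniform_expectation(3):.2%}")
    print("guesses to cover half:", guesses_to_cover(pins, 0.5))
    print(f"year-like share: {year_like_share(pins):.1%}")
    print("reject at enrolment:", sorted(blocklist(pins, 0.05)))
```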
A recent study found that a pet’s name is the most common online password.
As many as one in six people uses their pet’s name as a password.
One in six Britons admitted accessing someone else’s account by guessing the password, with partners the most common target, followed by exes.
One in ten people has also guessed a work colleague’s password, the study by Google Apps found.
source: Dailymail UK