The four digit number combination that controls access to your bank account may be less secure than you think, according to researchers at the data analysis firm Data Genetics.
The blog found that despite warnings from banks and a measure of common sense, a surprisingly high percentage of passwords--close to 20 percent--are the still the simple combinations, "1234," "1111," and "0000." Combinations that begin with "19" are above the 80th percentile in popularity, with the highest numbers most popular. Birth years, as it turns out, are not the most secure choice either.
Data Genetics' results are based from analysis of a database of 3.4 million stolen passwords made public over the years, according to Slate. Most of these are passwords for websites, though researchers figured they could get a decent proxy for ATM PINs.
An average thief, guessing randomly, has a 1 in 10,000 chance of guessing an ATM PIN, those odds obviously go up if he or she guesses more than once, but they're still fairly slim. But an intelligent thief, one who realizes, for example, that a high proportion of combinations are birthdays, has a far higher chance of cracking the code, according to the data.
Based on this report, more than 10 percent of all accounts can be hacked with one guess, NBC News points out. A full third of all passwords are derived from just 61 variations.
Cracking the PIN puzzle has always been a major hurdle for thieves. But stealing or guessing a PIN number is not the only way a thief can drain a person's account.
In 2006, after customers of multiple banks reported fraudulent activity, investigators considered the possibility that criminals could have stolen PIN codes from a retailer, according to MSNBC.
Many retailers inadvertently store their customers' PIN information, according to MSNBC. The sensitive information then ends up saved in temporary files and other software nooks and crannies.
Skimming, a form of fraud where criminals steal PIN information using sophisticated remote devices, is also on the rise, according to Bankrate. Nearly one in five fraud victims reported having their credit card PIN or debit card ATM PIN information stolen in 2009, according to Javelin Strategy & Research.
The site recommends some basic anti-fraud measures, including covering the keypad with one's hand to protect the combination from hidden cameras, checking one's balance frequently and using well-lit, familiar machines.
Similarly, Wells Fargo counsels its clients to select a PIN that "doesn't use any number or word that appears in your wallet (such as name, birth date, or phone number)." Changing passwords every six months is also recommended.
But assuming customers taken all these precautions, at the end of the day, choosing a safe PIN is still essential. So, what is the safest--or at least, was the safest--PIN number, according to Data Genetics? 8068. The four numbers appear in that sequence less than 0.001 percent of the time.
It should go without saying, however, that this is now a blatantly unsafe PIN. Apologies for those few unwitting customers who had been blithely using it.