Your PIN is a password…

…and you should treat it just like all your other passwords. It should be difficult to guess (avoid using birthdays, significant years of your life, simple patterns, etc.) and you should also use a different one for each card, phone, voicemail, etc.

I read an article about a software author who had his software send back the PINs used for it (we’ll leave the opinion about this activity alone for right now). He found the ten most common PINs accounted for nearly 15% of all PINs used. The upshot is that someone who gets hold of a random phone or ATM card has a one in seven chance of correctly guessing the PIN within the first ten attempts, just because the user was too lazy to think of a more creative PIN. If the passwords were effectively random, the chance of correctly guessing one would be one in a thousand after ten tries.

Now, this software only relayed the PIN used to lock the software and not the phone itself. How many people do you think use a different PIN for the phone? Probably fewer than you think. Then there’s the ATM PIN.

Another opinion on this can be found here. The original research by the software author is here.

So, again, use different passwords everywhere, make them difficult to guess, and don’t use one which appears on one of these lists.
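
The ten-guess arithmetic and the "difficult to guess" advice above, as an added example (not code from this post or from the research it cites). It assumes four-digit PINs and uses a constructed sample in which ten PINs cover 15% of users; the `weakness` rules and all names are illustrative.

```python
from collections import Counter

ATTEMPTS = 10  # guesses considered in the post

# Constructed sample, not the article's data: ten popular PINs used by
# 15 people each, plus 850 people with unique PINs (1000 users in total).
COMMON = ["1234", "0000", "1111", "2222", "5555",
          "1212", "4321", "9999", "7777", "2000"]
SAMPLE = [p for p in COMMON for _ in range(15)] + \
         [f"{n:04d}" for n in range(3000, 3850)]

def top_k_success(pins, k=ATTEMPTS):
    """Chance that trying the k most common PINs matches a random user's PIN."""
    counts = Counter(pins)
    return sum(n for _, n in counts.most_common(k)) / len(pins)

def uniform_success(digits=4, k=ATTEMPTS):
    """Same chance if every PIN of that length were equally likely (assumed length: 4)."""
    return k / 10 ** digits

def weakness(pin, denylist=()):
    """Return why a PIN is easy to guess, or None if no rule matches."""
    if not (pin.isascii() and pin.isdigit()):
        return "not numeric"
    if pin in denylist:
        return "on a common-PIN list"
    if len(set(pin)) == 1:
        return "repeated digit"
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):  # 1234, 7890, 4321 ...
        return "sequential digits"
    if len(pin) == 4:
        if pin[:2] == pin[2:]:
            return "repeated pair"
        if pin[:2] in ("19", "20"):
            return "looks like a year"
        a, b = int(pin[:2]), int(pin[2:])
        if (1 <= a <= 12 and 1 <= b <= 31) or (1 <= a <= 31 and 1 <= b <= 12):
            return "looks like a date"
    return None

if __name__ == "__main__":
    print(f"top-10 guessing: {top_k_success(SAMPLE):.1%}")
    print(f"uniform PINs:    {uniform_success():.1%}")
    for pin in ("1234", "1987", "0704", "8346"):
        print(pin, weakness(pin, denylist=COMMON[:1]) or "ok")
```

A PIN-setup screen could call `weakness` with a real common-PIN list as the denylist and refuse any PIN that returns a reason.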
