Previous discussion:<p>Most to least common 4-digit PIN numbers from an analysis of 3.4M - <a href="https://news.ycombinator.com/item?id=40306374">https://news.ycombinator.com/item?id=40306374</a> - (56 points, 18 comments, 5 days ago)
Funny/stupid anecdote: a bunch of my kids' friends have the same phone unlock PIN as me because I set my son's new phone PIN the same as mine so he would also be able to unlock my phone if necessary.<p>When his friends started getting phones as well, they copied his. This has migrated through some of the friends' siblings as well.
[dupe]<p>Discussion: <a href="https://news.ycombinator.com/item?id=40306374">https://news.ycombinator.com/item?id=40306374</a><p>Some previous discussions on the 2012 source of the data (<a href="http://www.datagenetics.com/blog/september32012/index.html" rel="nofollow">http://www.datagenetics.com/blog/september32012/index.html</a>)<p>2018 <a href="https://news.ycombinator.com/item?id=17670173">https://news.ycombinator.com/item?id=17670173</a><p>2013 <a href="https://news.ycombinator.com/item?id=5124024">https://news.ycombinator.com/item?id=5124024</a><p>2012 <a href="https://news.ycombinator.com/item?id=4535417">https://news.ycombinator.com/item?id=4535417</a>
I moved to Switzerland, and, well, PIN codes for credit cards are 6 digits here by default.<p>And now I'm asking myself why no one else does this. I don't see hordes of Swiss people complaining about being unable to remember a 6-digit PIN at least.
I love DataGenetics, lots of interesting puzzles like that on there. There's a very unique style to all the visualizations and the solutions/analyses are always clear.<p>Sadly, there was a post by the author in June 2019 about being diagnosed with Stage IV cancer [0]. There have been no posts since July 2022. I sincerely hope that's just because Nick doesn't have the time to blog anymore.<p>[0] <a href="https://datagenetics.com/blog/june12019/index.html" rel="nofollow">https://datagenetics.com/blog/june12019/index.html</a>
61 pins are used by 1/3rd of all people. So statistically, if I steal 61 debit cards, assuming I have 3 tries, and assuming people choose their own pin, I should be able to get cash off one in expectation.
I think the situation for actual PIN codes may be slightly better than suggested; sometimes (in the UK at least) your bank will assign you an initial PIN and I expect many people won’t change it, and by using a dump of passwords, you’ve probably captured some people who have created throwaway accounts and chosen the easiest possible password.
I used to be lead dev for a big streaming site with >2m users and, well, no judgment here please, but the passwords were plaintext in the database.<p>So me and another dev ran a SQL script to see what the most common were.<p><pre><code> #1 was trustno1
#2 was password
#3 was 1234
</code></pre>
We had no password rules either, so IIRC you could have a 1-char password.
Before reaching the bottom of the article, I was wondering about 19xx codes, given that I've heard many people using years, or month/day pairings for garage door codes and such.<p>I was glad to see those plotted out. I was also initially surprised that not a single 19xx pin made the top 20, but I suppose it makes sense considering that there are 100 different combinations of this code.
If this site did have a field where you could enter a pin to see how common it was, you could make a really targeted phishing attack by sending the link to someone whose pin you want to know, then looking at what they click on or enter ("I'll just see how good my pin is...")
This piece reminds me of the four-digit lockbox that holds the key to get out onto our roof. Great views up there.<p>I knew that mathematically it would be pretty easy to brute force, and figured I could belt out a thousand combos per day and probably get it done within the week or so. "Well, no time like the present," I thought, "...better get crackin'." <i>((of knuckles))</i><p>Changed the combo to 0000, pulled the handle, and... click! Opened on the first try. :-D
If this analysis is from 2012, I wonder if the results would look much different using data since then? Would any patterns have changed that much? Other than more birth years in 20--, my initial guess would be no.
Side note: DataGenetics has been my favorite blog in the mid-2010s. Lots of great posts:<p><a href="http://www.datagenetics.com/blog.html" rel="nofollow">http://www.datagenetics.com/blog.html</a>
My sister had a key lock box at home that she didn't know the code for.<p>I had a look on YouTube and sure enough there was an easy way to pick the lock.<p>The resulting code - 01234
Actual article: <a href="http://www.datagenetics.com/blog/september32012/index.html" rel="nofollow">http://www.datagenetics.com/blog/september32012/index.html</a><p>Should be changed to this, rather than screenshot + link blogspam.
I think the least common PIN codes are fascinating. I'm surprised by the number of 7s in these. They look like numbers you would end up with if you asked someone to think of a random 4 digit number.<p>List transcribed by ChatGPT: 8557, 8438, 9539, 7063, 6827, 0859, 6793, 0738, 6835, 8093, 9047, 0439, 8196, 6693, 7394, 9480, 8398, 7637, 9629, 8068.