Someone might remember 3791, but they won't easily recall 379114928, and they may reason 123456789 is as difficult as any other number. Why? Why does the problem worsen with additional digits? As people are forced to use more digits, I hypothesize they react by falling back on easy-to-recall patterns such as sequences. To reemphasize, the greater the number of digits required, the more predictable selections become. (And as we know, Social Security Numbers contain their own well-known patterns.) As for the remaining 64%, there's a good chance they're using their Social Security Number, which makes them vulnerable. In fact, about half of all 9-digit PINs can be reduced to two dozen possibilities, largely because more than 35% of all people use the all too tempting 123456789. The problem with guessable PINs surprisingly worsens when customers are forced to use additional digits, moving from about a 25% probability with fifteen numbers to more than 30% (not counting 7-digits with all those phone numbers). These same overall patterns persist with PINs longer than four digits, although people tend to pick phone numbers when forced to select 7-digits, thus adding artificial randomization to the mix. The 1980s hit 867-5309 peaked at #4 on both the Billboard Hot 100 chart and the hottest 7-digit PIN list. Others look to pop culture for inspiration, especially fans of James Bond (0007 or 0070), Star Trek (1701), or George Lucas (1138). Perhaps we still hear childhood chants in our head from when we learned to count. A few users exhibit a distinct lack of imagination, to wit: 0001. People love couplets, paired digits such as 1010, 1212, the ever-popular 6969, Intel’s 8080, or that Zager and Evans song, 2525. Even when not using 9898 or 2323, people exhibit a preference for pairs Unconscious human subtleties we're unaware of.
Sky while others exhibit a warp and woof of woven fabric revealing Using graphing tools and such visuals as 'heat maps', researchers can determine less than obvious patterns. And let's face it: Security and convenience find themselves at odds with each other. Visual patterns produce deceptively random-looking numbers, but statistics demonstrate they offer little security. Popular visuals are a square (1397), a cross (2046), an X (1937), and the most popular of all, a Take 2486, which has two strikes against it: It not only comprises semi-sequential even numbers, but it's also a visual pattern, a diamond on a keypad. Popular dates that go beyond birthdays include George Orwell's literary Represents month-and-day (MMDD) or day-and-month (DDMM). Young and eighty possibilities if you aren’t, but a few more if the number One hundred, probably a lot less, maybe twenty possibilities if you’re If 19, your herd's shrunk to 100. Do you use the internationally ubiquitous top N° 1 PIN? 1234? Or another of the Does your number begin with 19xx, perhaps a date? The possible numbers are now If yours starts with 1, you’ve reduced the possibilities from 10,000 The vast majority of PIN numbers begin with 1 or 0. Knowing a little about you (Social Security Number, birth date, etc.) might help hackers, but the PINs and alarm codes of one in four customers can be reduced to sixteen or so numbers. Doesn't a 4-digit PIN imply guessing one is only a 1-in-10,000 chance? And past behavior suggests people will continue using an easily exposed code even after reading an article like this. But wait. People use one for everything, even their security alarm code. Think about your PIN number, ‘PIN’ singular because most From the standpoint of crime writers, we can use the information below What do you have in From the aspect of a consumer, we can use Penalties, but their rantings and ravings are meant to detract attention from their own But a third party is involved, you, the customer.
Wicked– for coming inside and wandering around. Unlocked, you could hardly blame the curious– or the If a bank left the keys in their door at night or even left it Washington Mutual a while to come up to speed, but my present bank still allows only a ten character password. Weaker than some porn sites (so I’m told, ahem). Has beefed up its on-line security since I last owned a card, but its password protection was Inadequate security protection, the type of inadequacy where the word More often than you might imagine, financial institutions deploy