Cracking Your PIN Code: Easy as 1-2-3-4

By Hum
in Back Page News

 Share

Recommended Posts

Grand Master

Hum

Posted
Posted

If you lost your ATM card on the street, how easy would it be for someone to correctly guess your PIN and proceed to clean out your savings account? Quite easy, according to data scientist Nick Berry, founder of Data Genetics, a Seattle technology consultancy.

Berry analyzed passwords from previously released and exposed tables and security breaches, filtering the results to just those that were exactly four digits long [0-9]. There are 10,000 possible combinations that the digits 0-9 can be arranged into to form a four-digit code. Berry analyzed those to find which are the least and most predictable. He speculates that, if users select a four-digit password for an online account or other web site, it's not a stretch to use the same number for their four-digit bank PIN codes.

What he found, he says, was a "staggering lack of imagination" when it comes to selecting passwords. Nearly 11% of the 3.4 million four-digit passwords he analyzed were 1234. The second most popular PIN in is 1111 (6% of passwords), followed by 0000 (2%). (Last year SplashData compiled a list of the most common numerical and word-based passwords and found that "password" and "123456" topped the list.)

Berry says a whopping 26.83% of all passwords could be guessed by attempting just 20 combinations of four-digit numbers (see first table). "It's amazing how predictable people are," he says.

We don't like hard-to-remember numbers and "no one thinks their wallet will get stolen," Berry says.

Many of the commonly used passwords are, of course, dates: birthdays, anniversaries, year of birth, etc. Indeed, using a year, starting with 19__, helps people remember their code, but it also increases its predictability, Berry says. His analysis shows that every single 19__ combination be found in the top 20% of the dataset.

more

Grand Master

Astra.Xtreme

Posted
Posted

Not really anything to be worried about unless the PIN actually is 1234, 1111, or 0000. You only get a couple tries before the ATM eats the card, so chances are the code won't be cracked in any timely manner.

Grand Master

Draconian Guppy

Posted
Posted

Not really anything to be worried about unless the PIN actually is 1234, 1111, or 0000. You only get a couple tries before the ATM eats the card, so chances are the code won't be cracked in any timely manner.

Only old ATMS eat the cards, the new ones are swipe only. However most block the card after 3 attempts.

Veteran

Wakers

Posted
Posted

True funny / sad story.

My secondary bank, Barclays, sent me a new debit card a couple of months after the last big article came online about the poor choice of pin codes that people were using.

Do you know the random code they sent me with the new card? 1986. Not only did it commit the mistake of starting with 19, but it also happened to be my year of birth. They got a very sarcastic email from me praising their competence and linking back to the online report.

They apoligised, at least.

  • gawicks and oliver182
  • Like 2
Grand Master

Nick H. Supervisor

Posted
  • Supervisor
Posted
Berry says a whopping 26.83% of all passwords could be guessed by attempting just 20 combinations of four-digit numbers

That's terrible, but most cards only allow you three attempts before blocking, don't they? Which means that out of those 20 combinations you only have 3 attempts, which is...a 15% (I was never good at maths) chance of cracking a card that uses one of those 20 combinations?

Grand Master

neufuse Veteran

Posted
  • Veteran
Posted

Only old ATMS eat the cards, the new ones are swipe only. However most block the card after 3 attempts.

all the new ATM's around me you still have to put your card into it and it takes it until you are done... and these are brand new systems

Grand Master

Hum

Posted
  • Author
Posted

you'd need some form of cutting tool and a battery cause only my right hand knows my pin.

^ I have no idea what that means. Biometrics ... ?

Besides the 3 times limit, what about the security camera taking your picture ?

Unless it's winter and you are bundled up, someone is going to know your face.

Grand Master

_neutrino Veteran

Posted
  • Veteran
Posted

unless you are like my bank and if you mess up your pin 4 times they lock you out for 24 hours, mess it up 2 days in a row and you are locked out for a month, lock it out after that and they kill your card and ship you a new one.

Grand Master

n_K

Posted
Posted

Berry says a whopping 26.83% of all passwords could be guessed by attempting just 20 combinations of four-digit numbers (see first table). "It's amazing how predictable people are," he says.

This guy obviously doesn't have a clue how smart cards (bank cards) work then, they're pretty similiar to SIM cards in that you have 3 attempts to input the correct pin, the bank machine transmits the PIN to the card, if it is wrong, it is not the bank machine that logs it but the smart card, after 3 wrong attempts, the smart card refuses to accept any more pin numbers and locks itself out (there is no PUK code for bank cards as there are SIM cards) and so the machine keeps it. Older cards would just refuse to accept any more PIN attempts but keep all the data in the smart card, newer cards destroy all data on the card when 3 attempts have been failed, because you can in theory reset the count or read off the data using a very powerful microscope though you'd have to know exactly where to look.

Grand Master

+Nik Louch Subscriber²

Posted
  • Subscriber²
Posted

Besides the 3 times limit, what about the security camera taking your picture ?

Unfortunately: myth! I had my card cloned. Long story with people saying it can't be done, it's never done - oh look it's been done. Basically my bank trying to find any reason to pin the 4 * ?50 withdrawals on me (4 spots around London, on a day I could prove I was in Leicester). I got the police involved (even though my bank tried to convince me otherwise and take the ?200 hit myself). I knew nobody would be caught/arrested but point of calling police involvement was to call the banks bluff. Anyway, police told me that there are no cameras in the majority of ATMs.

Grand Master

Draconian Guppy

Posted
Posted

all the new ATM's around me you still have to put your card into it and it takes it until you are done... and these are brand new systems

Yay! I guess that's one for Honduras, Central America :p

So we have poverty, bad public health care, education, insecurity, no value of life ( eg. getting shot for cellphone)... But we have swiping only ATMS :p

cajero2.jpg

250x250_1276145737_BAC%20empresas.jpg

Grand Master

+Nik Louch Subscriber²

Posted
  • Subscriber²
Posted

I'd not put my card anywhere near that machine. The plastic bezel on the front looks so fake and "stuck-on", like one of the "skimmers" that people use over here.

Not saying it is, but it looks it.

  • +hedleigh and +Majesticmerc
  • Like 2
Grand Master

Brian M. Veteran

Posted
  • Veteran
Posted

Unfortunately: myth! I had my card cloned. Long story with people saying it can't be done, it's never done - oh look it's been done. Basically my bank trying to find any reason to pin the 4 * ?50 withdrawals on me (4 spots around London, on a day I could prove I was in Leicester). I got the police involved (even though my bank tried to convince me otherwise and take the ?200 hit myself). I knew nobody would be caught/arrested but point of calling police involvement was to call the banks bluff. Anyway, police told me that there are no cameras in the majority of ATMs.

I had a similar issue with Lloyds TSB - had my card "cloned" and spent in France. Bank told me outright that they were not responsible, and I must have given my PIN to someone. I complained to the FSA, who found that Lloyds had authorised the transactions on my cloned card without chip and pin (when they got the signature from the retailer, it was actually an exact copy of mine from the card, but I could prove I wasn't in France at that time), and made Lloyds pay out the ?150, plus ?140 odd in compensation for my time.

In my opinion, the fact that it's been proven many times that the PIN can be bypassed easily is more worrying than people using common PIN codes.

Grand Master

Draconian Guppy

Posted
Posted

The first image is a "sorta" of close up of the second, if you can see, they're not the same, the one we have is the second one, I just needed something that pointed out the "swiping" part :p

Not all our banks have these though, a couple still have the "insert and eat" type.

on the topic of safety at the ATM am I the only one who looks for a bank that has them inside before using an ATM?

In third world hell, I just avoid them, unless I really, really have too :s

Grand Master

+Nik Louch Subscriber²

Posted
  • Subscriber²
Posted

In my opinion, the fact that it's been proven many times that the PIN can be bypassed easily is more worrying than people using common PIN codes.

It's part of the spec, the ability to bypass - it's a "fallback option" but thus negates all security. However, the onus of responsibility for the chargeback is placed on the terminal/merchant.

Grand Master

Anibal P

Posted
Posted

Not sure what Banks you all use, mine USAA locks you out of the online side after 3 errors same as with an ATM, then it takes a phone call to unlock either, stopped trying to enter passwords while not fully awake

Grand Master

xendrome

Posted
Posted

all the new ATM's around me you still have to put your card into it and it takes it until you are done... and these are brand new systems

All of the Bank of America ATM's here were recently changed to where you put the card in and it spits it back out right away, then you enter your pin. I think it is to stop people from forgetting to 1: Press "Done' and 2: Leaving their cards behind.

And if the person drives away now before pressing done, and they request any other transaction they have to re-put their pin number back in.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • We check out the SKG PS700 Neck Massager

      By Steven P. · Posted

      We check out the SKG PS700 Neck Massager by Steven Parker I was offered the chance to test out the SKG PS700 Neck Massager, and full disclosure, they let me keep it regardless of my findings. Anyway, I jumped at the chance due to my long hours sitting at my desk; I figured it could offer some neck pain relief. What's in the box: SKG PS700-2 Neck Massager Rechargeable Battery (inside massager) Type-C USB cable User Manual Quick Start guide 1-Year Warranty In short, everything you need to get started. According to the official listing, here are the key features: Biomimetic Kneading & High Torque Motor: Designed with innovative biomimetic kneading heads that perfectly simulate the touch of human hands. Powered by a high-torque motor, this massager delivers powerful and precise deep tissue relief to effectively target stiff neck muscles and release built-up tension Soothing Heat & Integrated Sound Relaxation: Experience the ultimate Relaxationation with our dual-action approach. The soothing heat function gently warms your neck, while the built-in sound Relaxation provides calming audio tracks, helping you achieve a state of mindfulness and mental tranquility during your physical massage Cordless Convenience & Travel-Ready & Father's Day Gifts: Crafted for maximum portability and ease of use. Its lightweight, cordless design allows you to enjoy a premium massage anywhere without the hassle of tangled wires-whether you're taking a quick break at your desk or winding down at home Versatile Relief for Home & Office: An essential wellness companion for office workers, gamers, frequent travelers, or anyone looking to integrate mindfulness into their daily routine. It seamlessly fits into your lifestyle, providing instant neck relief whenever and wherever you need it Safe & Premium Materials: Manufactured with high-quality, skin-friendly materials to ensure a safe and comfortable experience without irritation. SKG backs this device with dedicated customer service, making it a thoughtful tech-health gift for family and friends App & Bluetooth Music Control: Connect via Bluetooth to control your massage settings through the dedicated app and enjoy your favorite music during your massage session for a fully customizable and immersive relaxation experience Red Light Warmth Technology: Features advanced red light warmth technology that penetrates deep into neck muscles to enhance blood circulation and provide soothing comfort while relieving muscle tension and stiffness Design With all that out of the way, here are my own findings. SKG does not say what materials are used to make the neck massager. However, on the product website, it mentions "soft-touch silicone" with what looks like PU leather cushioning, with the rest being mostly made up of plastics. On the inside of the massager, there are two "biomimetic kneading heads" that are motorized for the different styles of massage, which are not actually listed at all in the paper user manual, but the standard included modes are: De-stress mode, Mediation mode, Relax mode, Shiatsu mode. The massager looks quite premium and is actually very comfortable to wear. This massager is small and light enough to go anywhere, as it doesn't get in the way of anything, so I was able to use it in the chair while writing this review. Unlike the back massager, SKG does not warn in the user guide not to use it for more than 30 minutes a day (or two 15-minute sessions). However, there is a long laundry list of important safeguards to consider before and during the use of the device, and it is warned that the neck massager is not waterproof. It also includes a 1,400mAh battery with a rated power of 14W and input of 5V, which is the standard for up to USB 3.0 power (although the Amperage is not mentioned at all). SKG does not say how long it takes to charge, but a quick calculation at 2A (if that is what it is) would mean it would take roughly 1.5 hrs to charge from empty. In any case, the light around the button changes from orange to green on a full charge. In addition, it is not possible to use the device while it is charging. On the right of the neck massager is the On/Off and modes button, which also acts as a joystick. You can operate all the modes directly from the power button, as well as the app, which I'll get into a bit later: Push up: Short press to adjust Heat levels On/Off button: long press Mode Switching: Short press (while in operation) ➕ Push left: increase Music volume ➖ push right: decrease Music volume Push down: Short-press to turn Music on or off The massager defaults to De-stress mode, and it is not stated anywhere if the neck massager has overheat protection. This time around, regarding heat, the only detail I could find is that it has "triple action soothing heat." The temperature stages are not listed anywhere in the paper manual, Amazon listing, or official website. The heat levels can be adjusted through the app or directly on the device using the joystick button. Usage There's also the SKG Health app, which makes using the massager far easier than feeling around for the button on the side of your neck. If the app is stopped, you are required to log in with a verification code over email, which I am not too pleased with, as this means it will only work that way for however long SKG decides to support it through said app. However, I was not able to get the app to connect to the OS500, which I have reported back to my contact. Bluetooth appeared to be working on the neck massager as it became available to pair with my phone, but the SKG app failed to discover it. Before I forget, there's also a switch next to the USB charging port to deactivate and activate the Voice Prompt, which, when enabled, audibly tells the user when switching intensities, modes, or connecting to the app and informs when the massages start and are completed. That said, on to my likes and dislikes, which are listed below. What I didn't like Unable to connect the Neck Massager to the app Use through the mobile app relies on continued support from SKG What I liked Can be used without the app Cordless use Light and comfortable to wear Heat is also quite comfortable Where to buy: According to the official website, this has an MSRP of $249.99, but is currently $50 (on Amazon). To sweeten the deal a bit more, there's also an in-page coupon that knocks a further $20 off the price. SKG PS700-2 Neck Massager for $179.99 on Amazon (was $199.99) Apply the in-page $20 off coupon for the final price of $179.99 Just like the back massager, this gets a confused thumbs up (due to the cost). However, I cannot rate it through app usage as it failed to connect. As an Amazon Associate, we earn from qualifying purchases.
    • This Samsung T7 external SSD deal lasts less than a day

      By hellowalkman · Posted

      This Samsung T7 external SSD deal lasts less than a day by Sayan Sen Recently we had covered some nice deals of internal NVMe SSDs which include the 4TB TeamGroup G50 for only $400, the WD_BLACK SN7100 2TB for just $243, as well as the Samsung 990 PRO 1TB for $370. If however you require an external SSD for portability and quick data transfers and have a budget of less than $200 the Samsung T7 1TB model is currently on a limited time deal at just $190, it's lowest price in nearly three months. The deal ends today so you better hurry if you need one (purchase link below). The T7 weighs in at just 72 grams meaning it should be fairly easy to carry around helping in the portability department. Via its USB 3.2 Gen 2 interface the T7 promises sequential read speeds of up to 1050 MB/s and writes of 1000 MB/s. It is also fairly robust with a drop protection of up to 2 meters, though bear in mind that this is not waterproof. For that you will have to choose the rugged T7 Shield. The technical specifications of the Samsung T7 1TB are given in the table below: Specification Value Model Code (1TB) MU-PC1T0T / MU-PC1T0H Interface USB 3.2 Gen 2 (10 Gbps) Dimensions (W × H × D) 85 × 57 × 8 mm Weight 72 g Sequential Read Speed Up to 1,050 MB/s Sequential Write Speed Up to 1,000 MB/s Drop Resistance Up to 2 m (6.6 ft) Encryption AES 256-bit hardware encryption Operating Temperature 0°C to 60°C Non-Operating Temperature -40°C to 85°C Humidity 5% to 95% (non-condensing) Shock Resistance 1,500 G, duration 0.5 ms, 3-axis (non-operating) Vibration Resistance 20–2,000 Hz, 20 G (non-operating) Get it at the link below: Samsung T7 Portable SSD, 1TB External Solid State Drive, MU-PC1T0T/AM, Gray: $189.98 (Sold and Shipped by Amazon US) Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.
    • Microsoft confirms Windows 11 26H2 to finally get one of the most requested features

      By notta · Posted

      I just wish they would put more love into Virtual Desktops. There is just so much more they could do.
    • Creative Sound Blaster AE-X PCIe review: your headphones will love it

      By Steven P. · Posted

      Sounds like you just skimmed over the review, I answer all those questions in it. Although I admit I did not test if DTS works over the headphones, when I get some time I will test this. My personal use case is more speaker-driven (I cover this in the review too).
    • The official Funny Pictures thread

      By Steffan · Posted

  • Recent Achievements

    • Dedicated
      Almohandis earned a badge
      Dedicated
    • Dedicated
      JuvenileDelinquent earned a badge
      Dedicated
    • First Post
      DrWankel earned a badge
      First Post
    • Reacting Well
      DrWankel earned a badge
      Reacting Well
    • Week One Done
      Supreme Spray LV earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      505
    2. 2
      +Edouard
      183
    3. 3
      PsYcHoKiLLa
      84
    4. 4
      Michael Scrip
      78
    5. 5
      Steven P.
      75
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!