Cracking Your PIN Code: Easy as 1-2-3-4

By Hum
in Back Page News

 Share

Recommended Posts

Grand Master

Hum

Posted
Posted

If you lost your ATM card on the street, how easy would it be for someone to correctly guess your PIN and proceed to clean out your savings account? Quite easy, according to data scientist Nick Berry, founder of Data Genetics, a Seattle technology consultancy.

Berry analyzed passwords from previously released and exposed tables and security breaches, filtering the results to just those that were exactly four digits long [0-9]. There are 10,000 possible combinations that the digits 0-9 can be arranged into to form a four-digit code. Berry analyzed those to find which are the least and most predictable. He speculates that, if users select a four-digit password for an online account or other web site, it's not a stretch to use the same number for their four-digit bank PIN codes.

What he found, he says, was a "staggering lack of imagination" when it comes to selecting passwords. Nearly 11% of the 3.4 million four-digit passwords he analyzed were 1234. The second most popular PIN in is 1111 (6% of passwords), followed by 0000 (2%). (Last year SplashData compiled a list of the most common numerical and word-based passwords and found that "password" and "123456" topped the list.)

Berry says a whopping 26.83% of all passwords could be guessed by attempting just 20 combinations of four-digit numbers (see first table). "It's amazing how predictable people are," he says.

We don't like hard-to-remember numbers and "no one thinks their wallet will get stolen," Berry says.

Many of the commonly used passwords are, of course, dates: birthdays, anniversaries, year of birth, etc. Indeed, using a year, starting with 19__, helps people remember their code, but it also increases its predictability, Berry says. His analysis shows that every single 19__ combination be found in the top 20% of the dataset.

more

Grand Master

Astra.Xtreme

Posted
Posted

Not really anything to be worried about unless the PIN actually is 1234, 1111, or 0000. You only get a couple tries before the ATM eats the card, so chances are the code won't be cracked in any timely manner.

Grand Master

Draconian Guppy

Posted
Posted

Not really anything to be worried about unless the PIN actually is 1234, 1111, or 0000. You only get a couple tries before the ATM eats the card, so chances are the code won't be cracked in any timely manner.

Only old ATMS eat the cards, the new ones are swipe only. However most block the card after 3 attempts.

Veteran

Wakers

Posted
Posted

True funny / sad story.

My secondary bank, Barclays, sent me a new debit card a couple of months after the last big article came online about the poor choice of pin codes that people were using.

Do you know the random code they sent me with the new card? 1986. Not only did it commit the mistake of starting with 19, but it also happened to be my year of birth. They got a very sarcastic email from me praising their competence and linking back to the online report.

They apoligised, at least.

  • oliver182 and gawicks
  • Like 2
Grand Master

Nick H. Supervisor

Posted
  • Supervisor
Posted
Berry says a whopping 26.83% of all passwords could be guessed by attempting just 20 combinations of four-digit numbers

That's terrible, but most cards only allow you three attempts before blocking, don't they? Which means that out of those 20 combinations you only have 3 attempts, which is...a 15% (I was never good at maths) chance of cracking a card that uses one of those 20 combinations?

Grand Master

neufuse Veteran

Posted
  • Veteran
Posted

Only old ATMS eat the cards, the new ones are swipe only. However most block the card after 3 attempts.

all the new ATM's around me you still have to put your card into it and it takes it until you are done... and these are brand new systems

Grand Master

Hum

Posted
  • Author
Posted

you'd need some form of cutting tool and a battery cause only my right hand knows my pin.

^ I have no idea what that means. Biometrics ... ?

Besides the 3 times limit, what about the security camera taking your picture ?

Unless it's winter and you are bundled up, someone is going to know your face.

Grand Master

LittleNeutrino Veteran

Posted
  • Veteran
Posted

unless you are like my bank and if you mess up your pin 4 times they lock you out for 24 hours, mess it up 2 days in a row and you are locked out for a month, lock it out after that and they kill your card and ship you a new one.

Grand Master

n_K

Posted
Posted

Berry says a whopping 26.83% of all passwords could be guessed by attempting just 20 combinations of four-digit numbers (see first table). "It's amazing how predictable people are," he says.

This guy obviously doesn't have a clue how smart cards (bank cards) work then, they're pretty similiar to SIM cards in that you have 3 attempts to input the correct pin, the bank machine transmits the PIN to the card, if it is wrong, it is not the bank machine that logs it but the smart card, after 3 wrong attempts, the smart card refuses to accept any more pin numbers and locks itself out (there is no PUK code for bank cards as there are SIM cards) and so the machine keeps it. Older cards would just refuse to accept any more PIN attempts but keep all the data in the smart card, newer cards destroy all data on the card when 3 attempts have been failed, because you can in theory reset the count or read off the data using a very powerful microscope though you'd have to know exactly where to look.

Grand Master

+Nik Louch Subscriber²

Posted
  • Subscriber²
Posted

Besides the 3 times limit, what about the security camera taking your picture ?

Unfortunately: myth! I had my card cloned. Long story with people saying it can't be done, it's never done - oh look it's been done. Basically my bank trying to find any reason to pin the 4 * ?50 withdrawals on me (4 spots around London, on a day I could prove I was in Leicester). I got the police involved (even though my bank tried to convince me otherwise and take the ?200 hit myself). I knew nobody would be caught/arrested but point of calling police involvement was to call the banks bluff. Anyway, police told me that there are no cameras in the majority of ATMs.

Grand Master

Draconian Guppy

Posted
Posted

all the new ATM's around me you still have to put your card into it and it takes it until you are done... and these are brand new systems

Yay! I guess that's one for Honduras, Central America :p

So we have poverty, bad public health care, education, insecurity, no value of life ( eg. getting shot for cellphone)... But we have swiping only ATMS :p

cajero2.jpg

250x250_1276145737_BAC%20empresas.jpg

Grand Master

+Nik Louch Subscriber²

Posted
  • Subscriber²
Posted

I'd not put my card anywhere near that machine. The plastic bezel on the front looks so fake and "stuck-on", like one of the "skimmers" that people use over here.

Not saying it is, but it looks it.

  • +Majesticmerc and +hedleigh
  • Like 2
Grand Master

Brian M. Veteran

Posted
  • Veteran
Posted

Unfortunately: myth! I had my card cloned. Long story with people saying it can't be done, it's never done - oh look it's been done. Basically my bank trying to find any reason to pin the 4 * ?50 withdrawals on me (4 spots around London, on a day I could prove I was in Leicester). I got the police involved (even though my bank tried to convince me otherwise and take the ?200 hit myself). I knew nobody would be caught/arrested but point of calling police involvement was to call the banks bluff. Anyway, police told me that there are no cameras in the majority of ATMs.

I had a similar issue with Lloyds TSB - had my card "cloned" and spent in France. Bank told me outright that they were not responsible, and I must have given my PIN to someone. I complained to the FSA, who found that Lloyds had authorised the transactions on my cloned card without chip and pin (when they got the signature from the retailer, it was actually an exact copy of mine from the card, but I could prove I wasn't in France at that time), and made Lloyds pay out the ?150, plus ?140 odd in compensation for my time.

In my opinion, the fact that it's been proven many times that the PIN can be bypassed easily is more worrying than people using common PIN codes.

Grand Master

Draconian Guppy

Posted
Posted

The first image is a "sorta" of close up of the second, if you can see, they're not the same, the one we have is the second one, I just needed something that pointed out the "swiping" part :p

Not all our banks have these though, a couple still have the "insert and eat" type.

on the topic of safety at the ATM am I the only one who looks for a bank that has them inside before using an ATM?

In third world hell, I just avoid them, unless I really, really have too :s

Grand Master

+Nik Louch Subscriber²

Posted
  • Subscriber²
Posted

In my opinion, the fact that it's been proven many times that the PIN can be bypassed easily is more worrying than people using common PIN codes.

It's part of the spec, the ability to bypass - it's a "fallback option" but thus negates all security. However, the onus of responsibility for the chargeback is placed on the terminal/merchant.

Grand Master

Anibal P

Posted
Posted

Not sure what Banks you all use, mine USAA locks you out of the online side after 3 errors same as with an ATM, then it takes a phone call to unlock either, stopped trying to enter passwords while not fully awake

Grand Master

xendrome

Posted
Posted

all the new ATM's around me you still have to put your card into it and it takes it until you are done... and these are brand new systems

All of the Bank of America ATM's here were recently changed to where you put the card in and it spits it back out right away, then you enter your pin. I think it is to stop people from forgetting to 1: Press "Done' and 2: Leaving their cards behind.

And if the person drives away now before pressing done, and they request any other transaction they have to re-put their pin number back in.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Kdenlive 26.04.2

      By Copernic · Posted

      Kdenlive 26.04.2 by Razvan Serea Kdenlive is an acronym for KDE Non-Linear Video Editor. It works on GNU/Linux, Windows and BSD. Through the MLT framework, Kdenlive integrates many plugin effects for video and sound processing or creation. Furthermore Kdenlive brings a powerful titling tool, a DVD authoring (menus) solution, and can then be used as a complete studio for video creation. Kdenlive supports all of the formats supported by FFmpeg or libav (such as QuickTime, AVI, WMV, MPEG, and Flash Video, among others), and also supports 4:3 and 16:9 aspect ratios for both PAL, NTSC and various HD standards, including HDV and AVCHD. Video can also be exported to DV devices, or written to a DVD with chapters and a simple menu. Video editing features: Multi-track editing with a timeline and supports an unlimited number of video and audio tracks. A built-in title editor and tools to create, move, crop and delete video clips, audio clips, text clips and image clips. Ability to add custom effects and transitions. A wide range of effects and transitions. Audio signal processing capabilities include normalization, phase and pitch shifting, limiting, volume adjustment, reverb and equalization filters as well as others. Visual effects include options for masking, blue-screen, distortions, rotations, colour tools, blurring, obscuring and others. Configurable keyboard shortcuts and interface layouts. Rendering is done using a separate non-blocking process so it can be stopped, paused and restarted. Kdenlive also provides a script called the Kdenlive Builder Wizard (KBW) that compiles the latest developer version of the software and its main dependencies from source, to allow users to try to test new features and report problems on the bug tracker. Project files are stored in XML format. An archiving feature allows exporting a project among all assets into a single folder or compressed archive. Built-in audio mixer Kdenlive 26.04.2 changelog: Remove not needed actions from render info, fix rough size calculation for rendering. Fix clip sometimes not inserted in timeline when moving vertically in bin drag. Fix transcoding from clip properties. Cleanup render profile audio quality. Use percent based value for audio quality, and adjust the range accordingly per codec. Fixes bug #520750 Enforce even numbers for render width/height. Fixes bug #520737 Fix nightly flatpak - disable rnnoise until implemented. Fix missing initialization. Edit mediacapture.cpp. Fix document unnecessarily marked as modified on opening, triggering a backup request. Fix incorrect detection of missing and remote clips causing unwanted backups. Fixes issue #2194 Fix tests. Fix tmp files copied to wrong location when setting project folder. Fixes bug #467740 Fix color clips not selected on creation. Use QFileInfo instead of QUrl/QDir to try fixing Windows shared drives. Fixes bug #451413 Fix timeline preview incorrectly invalidated when a track with effect duration changed. Fixes bug #514541 Fix missing var. Display paths in native format in render widget. Fixes bug #520428 Simple splash: fix pressing return always triggered the same button. Minor update to simple splash. Fix unwanted clips added to timeline and cleanup. Fixes issue #2190 Minor layout improvements to welcome screen, add Quit and Open shortcuts. Fix broken welcome dialog layout in tiling compositors. (craft) Limit the number of CPU cores used during a Windows build with mingw as some .cpp files are memory intensive to build. (kde-ci) Limit the number of CPU cores used during a build as some .cpp files are memory intensive to build. (kde-ci) Cleanup old entries. Another fix for animation crash. Fix uninitialized function - crash on create animation. Another attempt to fix MacOS permissions. MacOS: fix bundle release version. Fix MacOS plist path. Fix MacOS build. Explicitely link against Qt::Core. Download: Kdenlive 26.04.2 | 128.0 MB (Open Source) Download: Standalone Executable View: Kdenlive Home page Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Here's how to watch the Xbox Games Showcase today and what to expect

      By LoneWolfSL · Posted

      Here's how to watch the Xbox Games Showcase today and what to expect by Pulasthi Ariyasinghe The June games showcase week has been a packed one, with everything from major presentations like Sony and Summer Game Fest to indie-focused reveals coming in almost every day. Now, it's almost time for another big one, with Microsoft bringing its Xbox Games Showcase back later today. This is a double feature too, with a Gears of War E-Day deep dive also being attached to it. For anyone wanting to tune in online, the 2026 Xbox Games Showcase is kicking off at 10 AM PT | 1 PM ET | 6 PM BST | 7 PM CEST later today, June 7. The event will be available to watch on the official Xbox YouTube (4K 60FPS), Twitch, Facebook, Steam, Amazon Live, and other portals. Separate livestreams for American Sign Language and Audio Description will also be available. "This year marks 25 years of XBOX, and this Showcase is poised to be a true celebration, offering world premieres, new gameplay, fresh updates, and more for a swathe of projects we cannot wait to share," said Microsoft about this presentation. With a new CEO behind it that is pulling off some interesting moves, Xbox may have some surprises to reveal today. New looks at first-party games like Halo Campaign Evolved from Halo studios, Fable from Playground Games, InXile Entertainment's Clockwork Revolution, Mojang's Minecraft Dungeons II, and Call of Duty: Modern Warfare 4 from Infinity Ward are to be expected here. We may finally get to see the new Blade from Arcane Studios in action and a new Persona game from Atlus at the showcase too. Surprise announcements may also arrive from other Microsoft-owned studios like Bethesda, MachineGames, Ninja Theory, Obsidian, Rare, World's Edge, or Blizzard. Considering how every new release nowadays is staying away from November and December to avoid Grand Theft Auto VI's release, any launch dates Microsoft announces will probably skip those months as well. Once the Xbox Games Showcase ends, Microsoft will immediately kick off the Gears of War: E-Day Direct. This deep dive into the upcoming prequel from The Coalition should attach gameplay footage and perhaps a release window to the highly anticipated project.
    • This could exactly be how our Sun ends but it's not as simple

      By PeterTHX · Posted

      People in the '50s and '60s had the same attitude, and we're still here over a half century later.
    • 007 First Light review: Satisfying spy adventure that James Bond needed

      By Nick H. · Posted

      So after some fiddling I was able to get it to run at a pretty stable 30FPS. I'm slightly surprised about how much fiddling I had to do to get there though given what I thought was reasonable hardware: Processors: 16 × AMD Ryzen 7 7840HS w/ Radeon 780M Graphics Memory: 16 GiB of RAM Graphics Processor 1: AMD Radeon 780M Graphics Graphics Processor 2: AMD Radeon RX 7700S I think I could do it better if I use Linux rather than Windows, Windows RAM usage is stupid without stripping the system down. But once I got it working in a reasonable state, it was so awesome! I felt like a new Bond! If anyone has any advice to get things going a bit smoother FPS-wise, I'd appreciate it.
    • Hi my name is Olivia and I am from Australia

      By +Nik Louch · Posted

      Something is rotten in the state of Denmark Australia

  • Recent Achievements

    • Dedicated
      Mark Spruce earned a badge
      Dedicated
    • Collaborator
      conkir earned a badge
      Collaborator
    • Rising Star
      olavinto went up a rank
      Rising Star
    • One Month Later
      lamborghiniv10 earned a badge
      One Month Later
    • Week One Done
      lamborghiniv10 earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      482
    2. 2
      PsYcHoKiLLa
      256
    3. 3
      Steven P.
      74
    4. 4
      +Edouard
      70
    5. 5
      FloatingFatMan
      69
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!