The most popular PIN codes that are easy to hack — check yours
An analysis of more than 29 million PIN codes from leaked databases showed an alarming trend: every tenth user chooses the same four digits. This makes it much easier for criminals to find the combination that gives them access to your smartphone, SIM card, and personal data. Even if you usually unlock your phone with your fingerprint or face, you will have to enter your PIN after a reset or update.
Forbes writes about it.
Why do the most common PIN codes pose the greatest risk?
A four-digit PIN has only 10,000 possible variants, so brute-forcing it is only a matter of time. The analysis of the leaks revealed the 50 most commonly used codes, which should be avoided in any case. The researchers also warn against "obvious" dates such as birthdays or anniversaries: even a seemingly random year can easily give away your code to those who know you well.
Among the PIN codes that should never be used:
- 0000;
- 1010;
- 1111;
- 1122;
- 1212;
- 1234;
- 1313;
- 1342;
- 1973;
- 1974;
- 1975;
- 1976;
- 1977;
- 1978;
- 1979;
- 1980;
- 1981;
- 1982;
- 1983;
- 1984;
- 1985;
- 1986;
- 1987;
- 1988;
- 1989;
- 1990;
- 1991;
- 1992;
- 1993;
- 1994;
- 1995;
- 1996;
- 1998;
- 2000;
- 2002;
- 2004;
- 2005;
- 2020;
- 2222;
- 2468;
- 2580;
- 3333;
- 4321;
- 4444;
- 5555;
- 6666;
- 6969;
- 7777;
- 8888;
- 9999.
The most popular among them were "1234", "1111", "0000", as well as "1342", "1212", and "2222". These are the combinations that attackers check first.
A 2012 study named "8068" as the rarest code, but as soon as this information appeared online, the combination was no longer safe. In total, there are 5,040 four-digit codes without repeating digits, but this is not enough. ISO 9564-1 allows PINs up to 12 characters long and recommends at least six. The more digits, the lower the chance of a correct guess, which is why experts advise against four-digit codes in favor of six-digit or even ten-digit codes.
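The advice above can be enforced when a PIN is set. The following is an added example, not code from the article or from Forbes: an enrolment check that refuses the 50 listed codes and a few guessable patterns. The function names and the structural rules (runs, repeated blocks, leading or trailing years) are assumptions of this example; the 6 and 12 length defaults follow the figures quoted from ISO 9564-1.

```python
import re

# The 50 four-digit PINs listed in the article.
COMMON_PINS = set("""
0000 1010 1111 1122 1212 1234 1313 1342 1973 1974 1975 1976 1977 1978 1979
1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994
1995 1996 1998 2000 2002 2004 2005 2020 2222 2468 2580 3333 4321 4444 5555
6666 6969 7777 8888 9999
""".split())

def reject_reason(pin, min_len=6, max_len=12):
    """Return why a candidate PIN is refused at enrolment, or None if accepted.

    The structural rules below are this example's own assumptions.
    """
    if not (pin.isascii() and pin.isdigit()):
        return "digits only"
    if not min_len <= len(pin) <= max_len:
        return f"length must be {min_len}-{max_len} digits"
    if pin in COMMON_PINS:
        return "on the common-PIN list"
    if len(set(pin)) == 1:
        return "single repeated digit"
    # Difference between neighbouring digits, modulo 10, so 8901 counts as a run.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        return "ascending or descending run"
    if re.fullmatch(r"(\d{1,3})\1+", pin):
        return "repeated block"
    if re.search(r"^(19|20)\d\d|(19|20)\d\d$", pin):
        return "starts or ends with a year"
    return None

def accepted_count(length):
    """Brute-force count of PINs of one length that pass the policy."""
    return sum(reject_reason(f"{n:0{length}d}", min_len=length) is None
               for n in range(10 ** length))

def distinct_digit_count(length):
    """Count PINs of one length in which no digit repeats."""
    return sum(len(set(f"{n:0{length}d}")) == length
               for n in range(10 ** length))

if __name__ == "__main__":
    for pin in ("1234", "2580", "121990", "654321", "482915"):
        print(pin, "->", reject_reason(pin, min_len=4) or "accepted")
    print("4-digit PINs accepted:", accepted_count(4), "of 10000")
    print("4-digit PINs without repeats:", distinct_digit_count(4))
```

Run with `min_len=4`, this policy still accepts 9,678 of the 10,000 four-digit PINs: the denylist removes the first guesses an attacker would try, while only a longer PIN enlarges the search space.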
The problem is not limited to PIN codes: millions of stolen passwords are sold in the public domain, with "123456", "password", and "qwerty" being the most popular. To minimise the risks, you should use unique and complex combinations and enable two-factor authentication.
As a reminder, it's a good idea to check the security of your most important online accounts from time to time. One of the easiest ways to do this is to see which devices were used to log in to your Google account so that you can react in time in case of suspicious activity.
We also wrote that during the Google I/O conference, the company announced a new feature for the Chrome browser: the ability to automatically change passwords that are detected as unreliable or compromised. If Chrome detects a risk during authorisation, the built-in password manager will offer to create a secure combination and immediately update it on supported websites.