Experts warn! If you have one of these 50 PIN codes on your phone, you're in grave danger
A striking study analysing millions of PIN codes has exposed the vulnerability of four-digit phone passwords. A joint analysis of the Australian Broadcasting Corporation (ABC) and the Have I Been Pwned database found that a large proportion of users use highly predictable combinations – the most common four-digit PIN remains 1234, and one in 10 users has this code.
FINDINGS OF THE STUDY: WHICH ARE MORE RISKY?The analysis revealed clear patterns across millions of PINs. The most common risky combinations include:
Simple ordinal and increasing numbers (e.g. 1234, 1342, 2468, etc.)
Repeating numbers (1111, 2222, 4444, 7777, etc.)
Birth years and year-based codes (1986, 1991, 2000, etc.)
Special dates and easy-to-remember patterns (holiday dates like 1225, 2512, or keypad patterns like 2580)
The research showed that in initial trials, hackers and malware primarily tried around 50 such codes, so those using these combinations were at a much higher risk of having their devices compromised.
WHY IS BIOMETRICS NOT EVEN ENOUGH?Many users prioritize PINs over biometric authentication methods like Touch ID and Face ID, relying instead on them. However, experts caution that PINs are still the primary line of defense in the event of biometric data compromise (e.g., if the device is compromised). A predictable PIN makes device access easier, even with biometric protection.
HOW TO CREATE A SECURE PIN? EXPERT TIPSThe recommendations of cybersecurity experts and the organizations mentioned in the report are summarized as follows:
USE A LONGER PIN. Go for 6–8 digits if possible; the longer number makes it harder to crack.
SELECT COMPLETELY RANDOM NUMBERS. Choose a random combination instead of birth years, anniversaries, or consecutive numbers.
CONSIDER AN ALPHAN-NUMERIC PASSWORD INSTEAD OF A NUMBERED LOCK. If the device allows it, a password containing letters and symbols is more secure.
ACTIVATE NOTIFICATIONS. Turn on SMS/email/mobile notifications for every transaction and login.
TAKE PHYSICAL SECURITY PRECAUTIONS, SUCH AS CARD/ID. Precautions such as RFID-protected wallets and keeping device passwords in a safe place are beneficial.
SET LOCK AND WIPE POLICIES. Use options to automatically wipe the device after too many failed attempts or to remain locked for extended periods.
ACTIVATE REMOTE LOCATION AND DELETE. Turn on the remote wipe function to prevent information leakage in case the device is stolen.
PINs are widely used not only on phones but also on bank cards. While banks often recommend randomly generated PINs, it's crucial that users adhere to the above rules if they choose to change their own. Security firms like Kaspersky recommend using 6-8 digit random numbers or, if possible, alphanumeric passwords.
WHAT SHOULD YOU DO? PRACTICAL STEPS TO TAKE IMMEDIATELYCheck your phone's PIN — if you're using 1234, 0000, 1111, your birth year, or simple stripe/pattern codes, change it immediately.
If possible, set a 6+ digit PIN or alphanumeric password.
Enable transaction notification and two-factor authentication (2FA).
Enable the device's 'remote find/wipe' features.
Update your debit card PIN according to secure rules as well; never make your card PIN your date of birth.
SPOKESMAN
Source: News Center
Egetelgraf
