Revealed: The most and least common four

With thousands of people falling prey to scams and cyber attacks every year, you may think that people would be a little more careful about their passwords and PIN numbers.

However, an analysis of leaked databases from Information is Beautiful shows that people are still using common PIN numbers to protect their vital information. 

Shockingly, '1234' is still the most common PIN - making up almost 11 per cent of those analysed.

This is followed by '1111', '0000', '1212' and '7777'. 

Jake Moore, global cybersecurity advisor at ESET, told MailOnline: 'By using simple or easy to guess passcodes it enables attackers to target people more easily'.

This incredible graph shows the most common PINs from 3.4 million leaked passwords. The PINs are plotted by their first and last two digits and the squares are brighter the more frequently they appear 

The most common PIN numbers

1. 1234
2. 1111
3. 0000
4. 1212
5. 7777
6. 1004
7. 2000
8. 4444
9. 2222
10. 6969

Advertisement

This data, originally compiled by the late Nick Berry, collects all of the four-digit PINs that have been revealed by data breaches. 

Of the 3.4 million PINs analysed, the overwhelming majority use simple sequences or repeating patterns.

Despite being incredibly easy to guess, '1234' is still so popular that it occurs more often than all of the 4,200 least-common PINs combined. 

The second most commonly used password is '1111' which makes up six per cent of all PINs in the data. 

This is followed by '0000' and '1212', each making up close to two per cent of all passwords. 

When the PINs from this data are plotted by their first and last two digits, some really interesting patterns emerge. 

Most obvious is a bright diagonal stripe from bottom left to top right formed as people use pairs of digits like '0000', '2323', or '5656'. 

Looking at the graph you can also see a clear line running horizontally about a quarter of the way up which represents codes beginning with '19', likely created by people using their birth years.

This graph clearly shows a diagonal line of PINs with repeated numbers like '1010'. In black and white you can also see a faint grid-like pattern which may be caused by people preferentially choosing numbers that are close together 

The least common PIN numbers 

1. 8557
2. 8438
3. 9539
4. 7063
5. 6827
6. 0859
7. 6793
8. 0738
9. 6835
10. 8093 

Advertisement

You can clearly see how the line becomes a lot brighter around '1960' onwards as more currently living people are born after this date. 

Turning the graph black and white, you can also see a faint 'grid' pattern caused by people using numbers that are numerically close together.  

This also reveals an L-shaped region in the bottom left corner which is likely due to people using their birthdays in MMDD or DDMM format.

Looking closely, you can see that the region doesn't extend any further than 12 or 31 - corresponding to the months of the year and days in the month.  

With 10,000 possible combinations for a four-digit PIN, it should be quite difficult for anyone to guess your PIN.

However, as Mr Moore points out, bad cybersecurity habits make things a lot easier for hackers. 

Mr Moore says: 'People continue to use PIN codes that are commonly used or those that are related to them and easily accessible such as dates of birth. 

'Partly due to our memories only having so much captivity but also because they may have been using the same codes for many years when cyber awareness was not so well documented.'

With just 61 guesses, a hacker could crack one third of all passcodes, while using only 426 someone could guess half of all PINs in the dataset. 

If you use your birthday or other memorable data as your PIN, experts warn that you are making it significantly easier for criminals (file photo)

Read More

I'm a hacking expert. These are the mainstream apps I would NEVER use because of privacy risks

Even if there is a limit on attempts, hackers could gain access to 20 per cent of people's accounts in just five tries. 

This makes it very dangerous to use repeated patterns or birthdays as your PIN since these can easily be guessed should your card or card information fall into the wrong hands.

This same issue applies to passwords for online services like social media accounts as people still use common words or strings of numbers. 

According to research by NordPass, a password manager, 70 per cent of passwords can be cracked in less than a second. 

Tomas Smalakys, CTO of NordPass, told MailOnline: 'To make matters worse, almost a third (31 per cent) of the world's most popular passwords consist of purely numerical sequences.

'Such passwords can be hacked almost instantly, as hackers use automated systems rather than typing them out.'

Most common passwords in 2024

1. 123456 
2. 123456789 
3. admin 
4. Qwerty 
5. welcome 
6. Password 
7. Password1 
8. p@ssw0rd 
9. 12345 
10. Qwerty123 

Advertisement

Once your account has been compromised hackers can either steal your data directly or use your information to launch targeted attacks on other people.

'For example, seemingly minor details such as your full name or birthday can be used to craft more sophisticated and personalized phishing attacks,' Mr Smalakys says. 

In order to stay safe online, cybersecurity experts recommend using longer and more complicated passwords composed of random letters and numerals. 

The issue is that these passwords can often be as difficult to remember as they are for hackers to guess.

For this reason, it is recommended to use a safe and trusted password manager to store your passwords.

Mr Moore says: 'People put themselves at risk by having weak passwords and PIN codes and often do not fully understand the threat until they are compromised.

'Password managers offer all the security for when such information cannot always be remembered plus they can help generate completely random codes so you don’t rely on your birthday or anniversary.'

HOW TO CHECK IF YOUR EMAIL ADDRESS IS COMPROMISED

Have I Been Pwned?

Cybersecurity expert and Microsoft regional director Tory Hunt runs 'Have I Been Pwned'.

The website lets you check whether your email has been compromised as part of any of the data breaches that have happened. 

If your email address pops up you should change your password.

Pwned Passwords

To check if your password may have been exposed in a previous data breach, go to the site's homepage and enter your email address.

The search tool will check it against the details of historical data breaches that made this information publicly visible. 

If your password does pop up, you're likely at a greater risk of being exposed to hack attacks, fraud and other cybercrimes.

Mr Hunt built the site to help people check whether or not the password they'd like to use was on a list of known breached passwords. 

The site does not store your password next to any personally identifiable data and every password is encrypted

Other Safety Tips

Hunt provides three easy-to-follow steps for better online security. First, he recommends using a password manager, such as 1Password, to create and save unique passwords for each service you use. 

Next, enable two-factor authentication. Lastly, keep abreast of any breaches

Read more:

• PIN number analysis
• informationisbea...