These Are the 20 PINs You Should Stop Using on Your Smartphone Today

IT security researchers at Ruhr-Universität Bochum, Max Planck Institute for Security and Privacy, and The George Washington University joined forces to study how safe Android and Apple users are when setting up PINs on their smartphones. The findings were published in the This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs study in April 2020, and they are quite interesting. For one, the researchers proved that 6-digit PINs are not automatically stronger than 4-digit PINs. In fact, in some cases, 6-digit PINs can be much weaker and can be guessed quicker. Unfortunately, a strong smartphone PIN is often an afterthought for Android and Apple users, and most people set up whatever comes to mind first when setting up a new device. The idea is to get back to the PIN and make it stronger, but of course, people never do that. That being said, everyone must add strong PINs on smartphones.

This PIN Can Be Easily Guessed, they said

Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth, and Adam J. Aviv are the IT researchers behind the comprehensive study. They set out to learn how quickly they could guess the smartphone PINs that most Android and Apple users are likely to add. They obtained lists of PINs that are blacklisted to see how weak they actually were. Some of the participants in the study were asked to choose PINs from the obtained lists, while others were asked to choose PINs that were not included in the lists. They concluded that the 6-digit smartphone PINs were not superior to 4-digit PINs and that, in some cases, they were even weaker. For example, a smartphone PIN 123456 is just as weak as 1234, and it certainly is much weaker that a 4-digit smartphone PIN that is not used as frequently. According to Forbes, these are the 20 most popular 4-digit and 6-digit PINs that smartphone users employ. Unfortunately, because they are so popular, they are also incredibly weak.

4-digit smartphone PINs you must stop using today:

  • 0000
  • 0852
  • 1111
  • 1212
  • 1234
  • 1998
  • 2222
  • 2580
  • 5555
  • 5683

6-digit smartphone PINs you must stop using today:

  • 000000
  • 111111
  • 112233
  • 121212
  • 123123
  • 123456
  • 159753
  • 654321
  • 666666
  • 789456

Although four numbers are meant to offer 10,000 unique combinations and six numbers 1,000,000 unique combinations, that is not a big challenge for cybercriminals. When the researchers from Germany and the US studied how hackers guess PIN codes, they learned that within about 1.5 hour (which is restricted by the limit of guesses), hackers can compromise 4.6% of 4-digit PINs and 6.5% of 6-digit PINs on iOS and 13.6% and 11.7% PINs (respectively) on Android. Needless to say, attackers guess the most commonly used combinations first, and so the users of such PINs are the most vulnerable.

Hackers have always been inventive with how they crack PIN codes. In 2017, researchers from Nanyang Technological University in Singapore discovered that smartphone PIN codes can be guessed using sensor data that is collected by accelerometers, gyroscopes, proximity sensors, and other similar tools that are integrated into the devices. The researchers were able to guess the correct PINs with a 99.5% accuracy with only three tries, but only if the PINs were from the list of 50 most commonly used ones. To guess PIN codes, the researchers also employed machine learning and deep learning algorithms, which is what hackers can use to crack weak passwords and PIN codes. Even strong passwords/PINs can be cracked, but that takes much longer, and the success rate, therefore, is lower.

How to create strong PINs on smartphones

There is no trick here, and there certainly is no 4-digit or 6-digit combination that is a winner. If we all knew of a combination that worked best, we would all use it, and then it would automatically become the weakest. The thing is that an uncrackable smartphone PIN does not exist. That does not mean that you just have to accept whatever might happen. Instead, you should combine different security methods to protect your smartphone against hackers. A strong PIN on smartphone devices is a myth, and if you only use a digit-based code, you will never be safe. At the very least, smartphone owners should set up alphanumeric codes, which means that both numbers and letters are included. Of course, just because you add letters to a weak smartphone PIN it does not make it stronger. For example, 123ABC is just as bad. It is also a mistake to stick with the shortest combination. Of course, if you can only choose from six characters, you have nowhere to expand, but if you can choose eight, ten, twelve, or even more characters, go for it.

It is also a terrible idea to stick with a PIN code alone. As we mentioned already, you want to combine different authentication methods, and there is no doubt that when it comes to smartphones, biometric authentication is most rewarding. While a PIN code can be guessed – no matter how strong it is – not all hackers are able to forge fingerprints or mess with facial and vocal recognition. If you set up biometric authentication, a smartphone PIN might seem like a non-essential part of your virtual security. However, note that even if a hacker cannot fake a fingerprint authentication, if they can bypass security with a weak PIN code, they will do it. Therefore, you must NOT neglect it.

If you are using biometric authentication primarily, a PIN code is requested for authentication less often, and if you do a good job at creating a PIN that is hard to guess (think numbers, letters, and special characters), you might forget it, and that would be a disaster. This is why you need to make sure that you store a copy of your password in a secure location just in case. If you think that writing down the strong PIN on smartphone’s notes app or a post-it note is a good idea, let us warn you that it is not. What you want is an encrypted vault that only you can access. That is what the Cyclonis Password Manager offers. Use the Private Notes feature to store all sensitive pieces of data, and you will not need to memorize them.

By Foley
April 20, 2020
Tips
April 20, 2020
Tips

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

How To

How to Stop Google Calender Spam

Google Calendar users have been at risk of falling prey to a nasty kind of spam for some time now. It seems to have gained traction recently. This is how it happens: an email with an invitation to an event is sent by... Read more

September 26, 2019
Password Security

What is the Difference Between Passwords and PINs

Historically, passwords have seen a lot of use since ancient times. The first verified use of passwords in the Roman military, where they were used to establish security and assure discipline – and they seem to have... Read more

August 27, 2019
News

Hackers Have Brute-Forced Admin Usernames and Passwords of 20,000 WordPress Sites

When security researchers say that adding '123' to the end of a weak password isn't doing a whole lot to improve its security, many people tend to think that the paranoia levels are running too high. Users reckon that... Read more

December 13, 2018
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.