Is Your Credit Card Hackable With A Single Attempt?
Data Genetics, a UK data mining firm, has analysed a large set of numeric passwords and found the most common is “1234” with an incidence of a staggering 11%. By assuming an equivalence with ATM PINs, this means that about 1 in 9 debit/credit cards could be unlocked with a single attempt. Data Genetics found that fully one quarter of the numeric passwords were in the top 20 — out of, of course, 10,000 possible.
Further examination of the numbers revealed a lot of use of birth years, birthdays, repeated couplets (“xyxy”), and starting with 0 or 1.
Their analysis is quite lovely but if you want the bottom line, there's a summary of the top 20 at the link. The main offenders were “0000”, “1111” (and so on), “1212”, “1313”, “1004” and a few others.
Now, it may be that the equivalence of passwords with ATM PINs is not strong, because banks assign the initial PINs for credit/debit cards whereas users often select their own passwords. But many people change their initial PIN so it can be more memorable, and that's where birthdays and other patterns are used.
In any case, anybody using a PIN in the top 20 list, or even using one of the patterns identified, whether self-selected or not, should change it immediately.
November 2013 Update — Analysis reveals popular Adobe passwords.