Berry analyzed passwords from previously released and exposed password tables and security breaches, filtering the results to just those that were exactly four digits long [0-9]. The digits 0-9 can be arranged into 10,000 possible four-digit codes. Berry analyzed those to find which are the least and most predictable. He speculates that if users select a four-digit password for an online account or other web site, it's not a stretch to think they use the same number for their four-digit bank PIN codes.
What he found, he says, was a "staggering lack of imagination" when it comes to selecting passwords. Nearly 11% of the 3.4 million four-digit passwords he analyzed are 1234. The second most popular PIN is 1111 (6% of passwords), followed by 0000 (2%). (Last year SplashData compiled a list of the most common numerical and word-based passwords and found that "password" and "123456" topped the list.)
Berry says that a whopping 26.83% of all passwords could be guessed by attempting just 20 combinations of four-digit numbers (see first table). "It's amazing how predictable people are," he says.
We don't like hard-to-remember numbers and "no one thinks their wallet will get stolen," Berry says.
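The measurement described above (filter to exactly four digits, rank by frequency, then ask what share a fixed number of guesses covers) is sketched here as an added example; it is not Berry's code or data. The function names and the sample corpus are assumptions: the corpus is constructed, with only the top three shares set to the article's rounded 11%, 6% and 2%, so the top-20 figure it prints is not the article's 26.83%.

```python
import re
from collections import Counter

# Exactly four ASCII digits. [0-9] is used instead of \d, which also matches
# non-ASCII digits in Python 3 str patterns.
PIN_RE = re.compile(r"[0-9]{4}")

def four_digit_pins(passwords):
    """Keep only entries that are exactly four digits long."""
    return [p for p in passwords if PIN_RE.fullmatch(p)]

def ranked(pins):
    """(pin, count) pairs, most common first; ties broken by PIN value."""
    return sorted(Counter(pins).items(), key=lambda kv: (-kv[1], kv[0]))

def coverage(pins, guesses):
    """Fraction of entries matched by trying the `guesses` most common PINs."""
    if not pins:
        return 0.0
    return sum(count for _, count in ranked(pins)[:guesses]) / len(pins)

def denylist(pins, max_share):
    """PINs whose individual share exceeds max_share, e.g. to reject at enrolment."""
    return [pin for pin, count in ranked(pins) if count / len(pins) > max_share]

def build_sample():
    """Constructed corpus, not real breach data: 100 four-digit entries plus noise."""
    popular = ["1234"] * 11 + ["1111"] * 6 + ["0000"] * 2
    unique = [f"{2003 + 97 * i:04d}" for i in range(81)]  # 81 distinct PINs
    # Entries the filter must drop, including fullwidth (non-ASCII) digits.
    noise = ["password", "123456", "12345", "12a4", "", "\uff11\uff12\uff13\uff14"]
    return popular + unique + noise

if __name__ == "__main__":
    pins = four_digit_pins(build_sample())
    for n in (1, 3, 20):
        print(f"top {n:>2} guesses cover {coverage(pins, n):.2%} of {len(pins)} PINs")
    print("denylist (>1% share):", denylist(pins, 0.01))
```

Run against an organisation's own PIN or passcode data, the same coverage figure shows how much an attempt limit of N actually protects, and the denylist gives the values to reject when a PIN is set.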