How secure are four and six digit PIN codes?

Tomcat

The most common four-digit PIN codes were 1234, 0000, 2580, 1111 and 5555.

Security researchers Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth and Adam J. Aviv examined how users choose PIN codes for their mobile devices and how they can be persuaded to use a more secure number combination. As it turns out, using 6-digit PIN codes is not much more effective than 4-digit ones.

During the experiment, users of Apple and Android devices were instructed to set four- or six-digit PIN codes. Some participants were free to choose their PIN, while others were only allowed to choose non-blacklisted combinations. If they tried to use one of the prohibited combinations, they received a corresponding warning.

The researchers used a variety of blacklists, including one they extracted from an iPhone in another experiment. As it turns out, six-digit PINs don't provide much more security than four-digit PINs.

“From a mathematical point of view, of course, there is a huge difference. A four-digit PIN can be used to create 10 thousand different combinations, and a six-digit PIN can be used to create 1 million. However, users prefer certain sets of numbers and use them much more often, for example, 123456 and 654321,” experts explained.

As the researchers noted, the “ideal” PIN blacklist should contain about 1 thousand entries and be slightly different from Apple’s list. The most common four-digit PIN codes were 1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212 and 1998, and the six-digit ones were 123456, 654321, 111111, 000000, 123123, 666666, 121212, 112233, 789456 and 159753.

Experts intend to present the results of their research at the IEEE Symposium on Security & Privacy conference in San Francisco (USA) in May 2020.

(c) https://www.securitylab.ru/news/505910.php
 