this post was submitted on 26 May 2024
276 points (98.3% liked)

Cybersecurity

5683 readers
30 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago
MODERATORS
 

or why it is not a good idea to use your birthday as your pin

all 41 comments
sorted by: hot top controversial new old
[–] [email protected] 75 points 5 months ago (3 children)

My pin is 4580 so I am good!

[–] [email protected] 22 points 5 months ago (1 children)

Mine is the price of a cheese pizza and large soda at Panucci's

[–] [email protected] 13 points 5 months ago (2 children)

Holy shit we have the same bank pin!

[–] [email protected] 14 points 5 months ago (2 children)

Hold up, mine too! I wonder if there's a connection with the card number and expiration date. Here'a mine, enter yours so we can all compare:

  • 5894325796533678
  • 11/25
[–] [email protected] 6 points 5 months ago (1 children)

Make sure to include the ccv code.

[–] [email protected] 4 points 5 months ago
[–] [email protected] 2 points 5 months ago

Thanks doe the pizza man

[–] [email protected] 4 points 5 months ago

I have the same combination on my luggage!

[–] [email protected] 12 points 5 months ago (1 children)

Why is it all I see is ****?

[–] [email protected] 7 points 5 months ago
[–] [email protected] 31 points 5 months ago (1 children)

6969 looks like a popular choice. Nice.

[–] [email protected] 4 points 5 months ago (1 children)

Looks like 4200 is fairly popular too. Blaze it!

[–] [email protected] 3 points 5 months ago

0420 seems to be popular also.

[–] [email protected] 24 points 5 months ago (1 children)

So the black pixels are pins that nobody uses? 🤔

[–] [email protected] 10 points 5 months ago

We don't speak of those PINs here.

[–] [email protected] 18 points 5 months ago (1 children)

It bothers me that if the pin resembles a date, even if it is not the reason for it, it is less secure. Life is not fair, lol.

[–] [email protected] 10 points 5 months ago

It bothers me that the arrow on the y-axis is pointing the wrong way

[–] [email protected] 13 points 5 months ago (3 children)

Can someone create a list of the most secure 4-digit PINs?

[–] [email protected] 29 points 5 months ago

Umm... wouldn't that... you know... invalidate it?

[–] [email protected] 6 points 5 months ago* (last edited 5 months ago) (1 children)

It’s hard to look at but any of the ones that are black squares in the picture would be the least used ones. It looks like that’s most any that starts in the 7000+ range.

Edit: 6806 for example.

[–] [email protected] 5 points 5 months ago

Thanks for the thoughtful answer, but my question was actually meant as a joke.

[–] [email protected] 5 points 5 months ago

4 digit pins are not secure. As long as you avoid all the light colored dots on the chart, that's the most secure you can make it.

If a system allows brute forcing without a pause, delay, cool down, or lockout, and a 4 digit pin is the only thing preventing access, they will get in.

[–] [email protected] 11 points 5 months ago* (last edited 5 months ago)

Source of the heat Map seems to be this blog post: http://datagenetics.com/blog/september32012/index.html

And here is a higher quality image of the heat map above: https://infobeautiful4.s3.amazonaws.com/2021/03/[email protected]

[–] [email protected] 10 points 5 months ago (1 children)

When will we finally move past 4 digit codes for anything important?

[–] [email protected] 10 points 5 months ago

Pin codes are great for quick access if you have a lockout mechanism after 3 failed attempts and it is impossible for an attacker to get the hashed code. It is only secure if you pick a pin that cannot be guessed in 3 attempts like your birthdate but that applies to any password.

Thats why they are used for credit cards, SIM cards or Bitlocker drive encryption. The hashed code never leaves the secure hardware so you cannot circumvent the lockout.

Even a 16digit numeric code, which I guess is the upper limit of what you can remember and quickly input, would take just a couple of days to brute force if the attacker does get hold of the hash.

[–] [email protected] 9 points 5 months ago* (last edited 5 months ago) (3 children)

What's with 7942 being lit up like the North Star?

There are a couple other curious ones like that, too.

[–] [email protected] 5 points 5 months ago (1 children)

Are you sure that's not 7931 you're looking at?

7931 are the four corners, so it'd be an easy pattern.

[–] [email protected] 3 points 5 months ago

Yes the bright one I mean is very easily at or around 40. 31 is rather far away.

[–] [email protected] 4 points 5 months ago (1 children)

What's with 7942 being lit up like the North Star?

Only thing I can think of is that The Hitchhiker's Guide to the Galaxy was published in 1979.

[–] [email protected] 2 points 5 months ago

That actually might be it. And it fits the theme of 42 well.

[–] [email protected] 4 points 5 months ago

Maybe they're big fans of the Lego Off-road Fire Rescue set?

[–] [email protected] 6 points 5 months ago (2 children)

Anecdotal but I've heard that when banks auto generate PINs for debit cards they filter out some suspicious ones like 0000 or 1234 because it only leads to customers complaining and wanting to change them (more work for the bank). Nowadays the customer can usually change them themselves, so it might be less true.

[–] [email protected] 3 points 5 months ago

When I got my credit card (and credit account) set up, they had me set a pin then and there. But that might be because I had to create the account in person?

[–] [email protected] 2 points 5 months ago

Maybe they can, but it may not be free.

Up until a few months ago my bank used to charge €5 for PIN change at the ATM (unpaid accounts only).

[–] [email protected] 3 points 5 months ago (1 children)

Star Trek fans are visible at 1707

[–] [email protected] 9 points 5 months ago (1 children)
[–] [email protected] 3 points 5 months ago

I must be more asleep than I thought.

[–] [email protected] 1 points 5 months ago

My PIN is the date I bought my first smartphone but the numbers are rearranged.

[–] [email protected] 1 points 5 months ago

I'm proud that 1996 seems to be one of the years least used, but damn is it sad anyways how used it is.