Cracking PINs: There's a 26% chance I can crack yours in 20 tries
By Laura Haight
Target's hack now appears deeper than original reported. Now it seems the hackers got PINs as well. Target says "don't worry." To a degree they are right, they use an encrypted key and do not keep the key in the same database as the data itself. That's a strong practice. And it might protect you, if you also followed strong practices.
Sadly, that may be unlikely.
In 2012, the most common password used was ... you guessed it, password. And by a longshot the most popular 4-digit PIN was 1234, followed by 000, 1111, 7777 and then birth years - of which the first two numbers are givens.
According to Data Genetics, a Seattle, WA, tech consultant, it takes no more than 20 attempts to crack 26.83 percent of all four digit passcodes.
Of course, that data is a year old and, while I would like to think that these stats would have changed over the year, I imagine they are still pretty much true.
The problem is exacerbated by the increase in hacking incidents -- from the state tax data to the this month's Target hack and all the ones in between. Hackers are getting bolder - perhaps because we are making it easier.
Businesses are spending a lot of time and money on infrastructure to protect data that can easily be exposed by one employee's lapse in judgment.
If you are a Target shopper and your PIN is easily crackable (you should have a pretty good idea now if it is), then there are two steps to take.
1. Cancel your debit/credit card and get a new one.
2. Select a PIN that is a random number set.
Unfortunately, banking PINs are only four digits and debit and credit cards rely on storing critical information on the magnetic strip, an outdated and insecure methodology. But an expensive one to change. Still you can only do what you can do.
If you're into numbers, you can read the statistical evaluation behind Data Genetics report; do it while you're waiting for Bank of America to get your temporary debit card set up!