Passwords and PINs: the worst choices

[ronjor]

Quote:

by David Harley Senior Research Fellow


At a time when password breaches like the one at LinkedIn are once more making the news, there's plenty of good advice around about how to select a strong password as opposed to the sort of stereotyped easy-to-remember-but-stupendously-easy-to-guess password that turns up again and again in dumped lists of hacked passwords. So if your favourite, much-used password (or something very like it) is in the following list, it might be a good idea to stop reading this now, go to the link on how to select a strong password and use it as a basis for changing all your passwords to something safer (then come back and think about the PINs you use). The list is abstracted from one compiled by Mark Burnett, representing the most-used passwords in a data set of around 6 million:

http://blog.eset.com/2012/06/07/pass...-worst-choices

[MikeBCda]

Leaving aside the question of secure vs. insecure passwords, which has been discussed more or less to death ...

My 4-digit bank card PIN was assigned by my bank, and since there seems to be no pattern to the digits, once I felt I'd comfortably memorized it I used the same PIN for other purposes, such as my Bell calling card. My Visa is from my own bank, so uses the same PIN anyway. The mnemonic for mine was relatively handy -- as it happened, in the year corresponding to the first two digits my age was *approximately* (off by 2 or 3) the last two.

While a bank customer can change the cards' PIN if desired, doing so has to be done in person with tons of ID much of which wouldn't normally be carried around. So even a lost card shouldn't be a security concern, particularly given that, as noted in the OP, ATMs normally seize and retain the card after a small number of failed tries.