Last week, Apple withdrew an application that asked for a 4 digit pin on startup. Unbeknown to the user, the application was storing the passcodes and transmitting them back to the developer. Fortunately this time, it was not for malicious purposes, but more out of curiosity! The developer was amazed how the same passcode was used again and again, and that half of the codes would not have been difficult to guess.
With so many requirements on a four digit PIN, there is a tendency to reuse the same PIN across multiple cards and devices. It would not be a stretch of the imagination to suggest that the passcode used for this application would have been the same as the one to unlock the phone, which would likely be the same as the users payment cards!
Over 47% of the results showed that either 1234, or 0000 was used as the code. This might not be a fair reflection on card PIN numbers as apps are almost disposable, and people would enter a PIN to have a play with the application, and then discard it – in this case, I would not expect anything other than a simple passcode to be used. Where the results are more interesting is in the use of patterns including 2580 (a vertical line down), 0852 (a vertical line up) and 5683 (L O V E on a keypad!) accounting for another 25% of passcodes.
Results also show a high proportion of numbers starting with 19 or 20 – suggesting that a year (year of birth?) is being used for the code.
How many of us fall into the trap of reusing our card PIN in other applications? More and more of us have Smartphones and other devices requiring a passcode. This analysis has certainly made me think about ensuring that my secure details are “secure!” As the phone becomes an integral part of our lives, now including making payments from the phone, should we look to increase the security surrounding our PIN’s and passwords?
How many of us will rush out to change our PIN’s after realizing how exposed we are from using patterns or dates of birth? I for one will give a little more thought to my next passcode – hoping to fall out of the 70% included in the top 5 most common used codes!
A continuing journey with some new companions
World's 1st PCI-accredited company for P2PE V1 & V2
So now you’re an online merchant? 4 ways to stay that way
The Trials and Tribulations of an Online Retailer
Payments: what’s in store (and online) for 2016?
Do Consumers Dream of Biometric Payments?