this post was submitted on 26 May 2024
276 points (98.3% liked)

Cybersecurity

5683 readers
30 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
 

or why it is not a good idea to use your birthday as your pin

all 42 comments
sorted by: hot top controversial new old
[–] kylian0087@lemmy.dbzer0.com 75 points 5 months ago (3 children)

My pin is 4580 so I am good!

[–] steal_your_face@lemmy.ml 22 points 5 months ago (1 children)

Mine is the price of a cheese pizza and large soda at Panucci's

[–] Potatos_are_not_friends@lemmy.world 14 points 5 months ago (2 children)

Holy shit we have the same bank pin!

[–] sugar_in_your_tea@sh.itjust.works 14 points 5 months ago (2 children)

Hold up, mine too! I wonder if there's a connection with the card number and expiration date. Here'a mine, enter yours so we can all compare:

  • 5894325796533678
  • 11/25
[–] corsicanguppy@lemmy.ca 7 points 5 months ago (1 children)

Make sure to include the ccv code.

[–] Aussiemandeus@aussie.zone 2 points 5 months ago

Thanks doe the pizza man

[–] TrippaSnippa@lemm.ee 4 points 5 months ago

I have the same combination on my luggage!

[–] Gestrid@lemmy.ca 12 points 5 months ago (1 children)

Why is it all I see is ****?

[–] revlayle@lemm.ee 7 points 5 months ago
[–] envelope@kbin.social 31 points 5 months ago (1 children)

6969 looks like a popular choice. Nice.

[–] sugar_in_your_tea@sh.itjust.works 4 points 5 months ago (1 children)

Looks like 4200 is fairly popular too. Blaze it!

[–] IllNess@infosec.pub 3 points 5 months ago

0420 seems to be popular also.

[–] Kolanaki@yiffit.net 24 points 5 months ago (1 children)

So the black pixels are pins that nobody uses? 🤔

[–] Gork@lemm.ee 10 points 5 months ago

We don't speak of those PINs here.

[–] kubica@kbin.social 18 points 5 months ago (1 children)

It bothers me that if the pin resembles a date, even if it is not the reason for it, it is less secure. Life is not fair, lol.

[–] onion@feddit.de 10 points 5 months ago

It bothers me that the arrow on the y-axis is pointing the wrong way

[–] cron@feddit.de 13 points 5 months ago (3 children)

Can someone create a list of the most secure 4-digit PINs?

[–] user224@lemmy.sdf.org 29 points 5 months ago

Umm... wouldn't that... you know... invalidate it?

[–] ramble81@lemm.ee 6 points 5 months ago* (last edited 5 months ago) (1 children)

It’s hard to look at but any of the ones that are black squares in the picture would be the least used ones. It looks like that’s most any that starts in the 7000+ range.

Edit: 6806 for example.

[–] cron@feddit.de 7 points 5 months ago

Thanks for the thoughtful answer, but my question was actually meant as a joke.

[–] IllNess@infosec.pub 6 points 5 months ago

4 digit pins are not secure. As long as you avoid all the light colored dots on the chart, that's the most secure you can make it.

If a system allows brute forcing without a pause, delay, cool down, or lockout, and a 4 digit pin is the only thing preventing access, they will get in.

[–] lud@lemm.ee 11 points 5 months ago* (last edited 5 months ago)

Source of the heat Map seems to be this blog post: http://datagenetics.com/blog/september32012/index.html

And here is a higher quality image of the heat map above: https://infobeautiful4.s3.amazonaws.com/2021/03/IIB-Pin-Numbers-1276@2x-1.png

[–] TonyTonyChopper@mander.xyz 10 points 5 months ago (1 children)

When will we finally move past 4 digit codes for anything important?

[–] ThetaDev@lemm.ee 10 points 5 months ago

Pin codes are great for quick access if you have a lockout mechanism after 3 failed attempts and it is impossible for an attacker to get the hashed code. It is only secure if you pick a pin that cannot be guessed in 3 attempts like your birthdate but that applies to any password.

Thats why they are used for credit cards, SIM cards or Bitlocker drive encryption. The hashed code never leaves the secure hardware so you cannot circumvent the lockout.

Even a 16digit numeric code, which I guess is the upper limit of what you can remember and quickly input, would take just a couple of days to brute force if the attacker does get hold of the hash.

[–] Creat@discuss.tchncs.de 9 points 5 months ago* (last edited 5 months ago) (3 children)

What's with 7942 being lit up like the North Star?

There are a couple other curious ones like that, too.

[–] Philippe23@lemmy.ca 5 points 5 months ago (1 children)

Are you sure that's not 7931 you're looking at?

7931 are the four corners, so it'd be an easy pattern.

[–] Creat@discuss.tchncs.de 3 points 5 months ago

Yes the bright one I mean is very easily at or around 40. 31 is rather far away.

[–] skyspydude1@lemmy.world 4 points 5 months ago

Maybe they're big fans of the Lego Off-road Fire Rescue set?

[–] doofusmagoo@sh.itjust.works 4 points 5 months ago (1 children)

What's with 7942 being lit up like the North Star?

Only thing I can think of is that The Hitchhiker's Guide to the Galaxy was published in 1979.

[–] Creat@discuss.tchncs.de 2 points 5 months ago

That actually might be it. And it fits the theme of 42 well.

[–] takeheart@lemmy.world 6 points 5 months ago (2 children)

Anecdotal but I've heard that when banks auto generate PINs for debit cards they filter out some suspicious ones like 0000 or 1234 because it only leads to customers complaining and wanting to change them (more work for the bank). Nowadays the customer can usually change them themselves, so it might be less true.

[–] Canadian_Cabinet@lemmy.ca 3 points 5 months ago

When I got my credit card (and credit account) set up, they had me set a pin then and there. But that might be because I had to create the account in person?

[–] user224@lemmy.sdf.org 2 points 5 months ago

Maybe they can, but it may not be free.

Up until a few months ago my bank used to charge €5 for PIN change at the ATM (unpaid accounts only).

[–] FauxPseudo@lemmy.world 3 points 5 months ago (1 children)

Star Trek fans are visible at 1707

[–] boeman@lemmy.world 9 points 5 months ago (1 children)
[–] FauxPseudo@lemmy.world 3 points 5 months ago

I must be more asleep than I thought.

[–] blujan@sopuli.xyz 1 points 5 months ago

I'm proud that 1996 seems to be one of the years least used, but damn is it sad anyways how used it is.

[–] cordlesslamp@lemmy.today 1 points 5 months ago

My PIN is the date I bought my first smartphone but the numbers are rearranged.