


When Did Phone Numbers Change To 7 Digits

PIN analysis

A good friend of mine, Ian, recently forwarded me an internet joke. The headline was something like:

"All credit card PIN numbers in the World leaked"

The body of the message simply said 0000 0001 0002 0003 0004

Ian's message made me chuckle. Then, later the same day, I read this XKCD cartoon. The merging of these two humorous topics created the seed for this article.

I love Randall's work. My favorite, to date, is this one. I have a signed copy of it on my office wall.

Like many of his creations, this cartoon is excellent at bifurcating readers; people read it, then either smile and chuckle, or stare blankly at it followed by a "Huh? I don't get it!" comment. Then you explain it, and get a reply "Yeeaaaaaa…no, I still don't get it!"

Esoteric humor in action.

You can be cool and buy his signed artwork too.

What is the least common PIN number?

There are 10,000 possible combinations that the digits 0-9 can be arranged to form a 4-digit pin code. Out of these ten thousand codes, which is the least commonly used?

Which of these pin codes is the least predictable?

Which of these pin codes is the most predictable?

If you were given the task of trying to crack a random credit card by repeatedly trying PIN codes, what order should you try guessing to maximize your chances of selecting the correct number in the shortest time?

If you had to make a prediction about what the least commonly used 4-digit PIN is, what would be your guess?

This tangentially relates to the XKCD cartoon. In Randall's cartoon, the perpetrator's plan backfired because his selected license plate was so unique that it was very memorable. What is the least memorable license plate? Ask any spy you know (snigger) what the best way to blend into a crowd is. Their answer will be to not stand out, to appear "normal", and not be notable in any way.

People are notoriously bad at generating random passwords. I hope this article will scare you into being a little more careful in how you select your next PIN number.

Are you curious about what the least commonly used PIN number might be?

How about the most popular?

Read on …

DISCLAIMER

This article is not intended to be a hacker bible, or to be used as a utility, resource, or tool to assist would-be thieves perform nefarious actions. I will only disclose data sufficient to make my points, and will try to avoid giving specific data outside of the obvious examples. I do not want to be an enabler for script-kiddies. Please do not email me asking for the database I used; if you do, you will be wasting your time as I'm not going to respond. I'm not going to sell, donate or release the source data – don't ask!

Source

Obviously, I don't have access to a credit card PIN number database. Instead I'm going to use a proxy. I'm going to use data condensed from released/exposed/discovered password tables and security breaches.

Soap Box – Password Database Exposures

Over the years, there have been numerous password table security breaches: Some very high profile, some low profile, but all embarrassing (and many exceedingly expensive; both in direct fines and indirect loss of business through erosion of trust and reputation).

Fool me once, well, no, even that's not really acceptable, but fool me twice … I'll go even further: Any developer who stores the password table of their database in clear text should be so mortified by this lack of security that they should not be sleeping at night until they fix it. Ignoring the fact that you should never have ever coded it this way, you have an obligation to learn from these past breaches.

If you work for a company and are knowledgeable that your customer database is "protected" by such lightweight security then run, don't walk, to your CEO/President's office, pound on the door and insist (s)he puts out a mandate to fix the thing with extreme prejudice. Don't leave until you get an affirmative response. Badger, annoy then badger them again. Make yourself a proverbial thorn in their side.

I'm not trying to sell my services as a consultant here (though if you are interested, my rates are very reasonable compared to the cost of legal defense, potential FTC sanctions, class action suits, shareholder backlash, fines, loss of reputation and business …) There are plenty of security experts in the industry who can help you (if you need help filtering them and don't have referrals, someone who has CISSP qualifications is a good place to start).

Bottom line: Security strengthens with layers, and the simple application of encryption on your database table can help protect your customer's data if this table is exposed. It does not defend against all possible attacks, but it does nothing but good things. What possible reason is there to store things in clear-text?

Back to the data

By combining the exposed password databases I've encountered, and filtering the results to just those rows that are exactly 4 digits long [0-9] the output is a database of all the four digit character combinations that people have used as their account passwords.

Given that users have a free choice for their password, if users select a four digit password to their online account, it's not a stretch to use this as a proxy for four digit PIN codes.

The Data

I was able to find almost 3.4 million four digit passwords. Every single one of the 10,000 combinations of digits from 0000 through to 9999 was represented in the dataset.

The most popular password is 1234

… it's staggering how popular this password appears to be. Utterly staggering at the lack of imagination …

… nearly 11% of the 3.4 million passwords are 1234 !!!

The next most popular 4-digit PIN in use is 1111 with over 6% of passwords being this.

In third place is 0000 with almost 2%.

A table of the top 20 found passwords is shown below. A staggering 26.83% of all passwords could be guessed by attempting these 20 combinations!

(Statistically, with 10,000 possible combinations, if passwords were uniformly randomly distributed, we would expect these twenty passwords to account for just 0.2% of the total, not the 26.83% encountered)

Looking more closely at the top few records, all the usual suspects are present 1111 2222 3333 9999 as well as 1212 and (snigger) 6969.

It's not a surprise to see patterns like 1122 and 1313 occurring high up in the list, nor 4321 or 1010.

2001 makes an appearance at #19. 1984 follows not far behind in position #26, and James Bond fans may be interested to know 0007 is found between the two of them in position #23 (another variant 0070 follows not much further behind at #28).

# PIN Freq
#1 1234 10.713%
#2 1111 6.016%
#3 0000 1.881%
#4 1212 1.197%
#5 7777 0.745%
#6 1004 0.616%
#7 2000 0.613%
#8 4444 0.526%
#9 2222 0.516%
#10 6969 0.512%
#11 9999 0.451%
#12 3333 0.419%
#13 5555 0.395%
#14 6666 0.391%
#15 1122 0.366%
#16 1313 0.304%
#17 8888 0.303%
#18 4321 0.293%
#19 2001 0.290%
#20 1010 0.285%

The first "puzzling" password I encountered was 2580 in position #22. What is the significance of these digits? Why should so many people select this code to make it appear so high up the list?

Then I realized that 2580 is straight down the middle of a telephone keypad!

(Interestingly, this is very compelling evidence confirming the hypothesis that a 4-digit password list is a great proxy for a PIN number database. If you look at the numeric keypad on a PC-keyboard you'll see that 2580 is slightly more awkward to type on the PC than a phone because the order of keys on a keyboard is inverted. Cash machines and other terminals that take credit cards use telephone style numeric pads. It appears that many people have an easy to type/remember PIN number for their credit card and are re-using the same four digits for their online passwords, where the "straight down the middle" mnemonic no longer applies).

(Another fascinating piece of trivia is that people seem to prefer even numbers over odd, and codes like 2468 occur higher than an odd number equivalent, such as 1357).

Cumulative Frequency

As noted above, the more popular password selections dominate the frequency tables. The most popular PIN code of 1234 is more popular than the lowest 4,200 codes combined!

That's right, you might be able to crack over 10% of all codes with one guess! Expanding this, you could get 20% by using just five numbers!

Below is a cumulative frequency graph:

Statistically, one third of all codes can be guessed by trying just 61 distinct combinations!

The 50% cumulative chance threshold is passed at just 426 codes (far less than the 5,000 that a random uniform distribution would predict). Paranoid yet?
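For anyone setting an attempt limit or an enrolment denylist, the cumulative figures above can be turned into a small exposure model. This is an added example, not code from the original article: it uses only the top-20 table above, and it assumes (labelled in the code) that users refused a PIN re-pick in proportion to the remaining distribution; the function names are illustrative.

```python
# Top-20 table from the article: (PIN, % of the ~3.4 million four-digit passwords).
TOP20 = [
    ("1234", 10.713), ("1111", 6.016), ("0000", 1.881), ("1212", 1.197),
    ("7777", 0.745), ("1004", 0.616), ("2000", 0.613), ("4444", 0.526),
    ("2222", 0.516), ("6969", 0.512), ("9999", 0.451), ("3333", 0.419),
    ("5555", 0.395), ("6666", 0.391), ("1122", 0.366), ("1313", 0.304),
    ("8888", 0.303), ("4321", 0.293), ("2001", 0.290), ("1010", 0.285),
]
KEYSPACE = 10_000  # 0000 through 9999


def uniform_share(attempts):
    """Percent of accounts covered by `attempts` guesses if PINs were uniform."""
    return 100.0 * attempts / KEYSPACE


def guessable_share(attempts, denylist_size=0):
    """Percent of accounts whose PIN is among the `attempts` most common codes
    when the `denylist_size` most common codes are refused at enrolment.

    Exact while the guesses stay inside the published top 20. Past the table,
    every unlisted code is bounded above by the #20 frequency, so the value
    becomes an upper bound.
    """
    if not 0 <= denylist_size <= len(TOP20):
        raise ValueError("denylist_size must be within the published table")
    freqs = [share for _, share in TOP20]
    removed = sum(freqs[:denylist_size])
    window = freqs[denylist_size:denylist_size + attempts]
    window += [freqs[-1]] * (attempts - len(window))  # bound beyond rank 20
    # Assumption (not from the article): users refused a PIN re-pick in
    # proportion to the remaining distribution, which rescales every share.
    return sum(window) * 100.0 / (100.0 - removed)


def policy_table(limits=(1, 3, 5), denylists=(0, 5, 20)):
    """Exposure in percent for each (attempt limit, denylist size) pair."""
    return {(k, n): round(guessable_share(k, n), 3)
            for k in limits for n in denylists}


if __name__ == "__main__":
    for (k, n), share in policy_table().items():
        print(f"limit={k} denylist={n:>2}: <= {share:6.3f}%  "
              f"(uniform: {uniform_share(k):.2f}%)")
```

With a three-attempt limit and no denylist the model reproduces the article's skew (18.61% against 0.03% for uniform choice); refusing the whole top 20 brings the bound down to a little over 1%.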

Bottom of the pile

OK, we've investigated the most frequently used PINS and found they tend to be predictable and easy to remember, let's turn for a second to the bottom of the pile.

What are the least "interesting" (least used) PINS?

In my dataset the answer is 8068 with only 25 occurrences in 3.4 million (this equates to 0.000744%, far, far fewer than random distribution would predict, and five orders of magnitude behind the most popular choice).

Below are the 20 least popular four-digit passwords encountered.

Warning: Now that we've learned that, historically, 8068 is (was?) the least commonly used password 4-digit PIN, please don't go out and change yours to this! Hackers can read too! They will also be promoting 8068 up their attempt trees in order to catch people who read this (or similar) articles.

Read about the Nash Equilibrium

PIN Freq
#9980 8557 0.001191%
#9981 9047 0.001161%
#9982 8438 0.001161%
#9983 0439 0.001161%
#9984 9539 0.001161%
#9985 8196 0.001131%
#9986 7063 0.001131%
#9987 6093 0.001131%
#9988 6827 0.001101%
#9989 7394 0.001101%
#9990 0859 0.001072%
#9991 8957 0.001042%
#9992 9480 0.001042%
#9993 6793 0.001012%
#9994 8398 0.000982%
#9995 0738 0.000982%
#9996 7637 0.000953%
#9997 6835 0.000953%
#9998 9629 0.000953%
#9999 8093 0.000893%
#10000 8068 0.000744%

Memorable Years

Many of the high frequency PIN numbers can be interpreted as years, e.g. 1967 1956 1937 … It appears that many people use a year of birth (or possibly an anniversary) as their PIN. This will certainly help them remember their code, but it greatly increases its predictability.

Just look at the stats: Every single 19?? combination can be found in the top fifth of the dataset!

Below is a plot of this in graphical format. In this chart, each yellow line represents a PIN number that starts 19??

If all the passwords were uniformly distributed, there should be no significant difference between the frequency of occurrence of, for example, 1972 and any other PIN ending in seventy two ??72. However, as we shall see, this is not the case at all.

1972 occurs in ordinal position #76 (with a frequency 0.099363%). Here's a histogram for the occurrences of all ??72 probabilities.

You can clearly see the spike at 1972 (with smaller spikes at 7272 and 1472)

If you calculate the ratio of the peak of 1972 to the average of all the other ??72 PINS you get the ratio of 22:1

PINS starting with 19?? are much more likely to occur. Of course, it's not just 1972. Here is a plot of the ratio of 19 to non-19 for all hundred combinations. Along the x-axis are all the combinations of last two digits XX, and for each of these the ratio of the 19XX to average of all the other ??XX occurrences has been calculated. Here's the chart:

It's a pretty good approximation for a demographic chart! (suggested by the red-dashed trend line) which would probably allow a fair estimation of the ages (years of birth) of the people using the various websites. (Of course, hackers invert this strategy and use the age of a target to try and give information to guess a user's PIN. Looking at this graph, this might give them up to a 40x advantage!)

Just about all the ratios are above 1.0. The notable exceptions are ??34 and ??00 (which are easy to explain, since the massive popularity of 1234 and 0000 dwarf 1934 and 1900 respectively). Similarly 33 44 55 66 … are lower than expected as the quad codes like 3333 mask out even the 1933 boost.

There are also spikes in the graph corresponding to the popular PINS of 1919 1984 and 1999

Patterns in data

I love pretty ways to graphically visualize data. Pictures really do paint thousands of words.

Another interesting way to visualize the PIN data is in this grid plot of the distribution. In this heatmap, the x-axis depicts the left two digits from [00] to [99] and the y-axis depicts the right two digits from [00] to [99]. The bottom left is 0000 and the top right is 9999.

Color is used to represent frequency. The higher frequency occurrences are yellow to white hot, and the lower frequency occurrences are red, through dark red to black.

Geek Note: The scaling is logarithmic.

You could look at this plot all day!

The bright line for the leading diagonal shows the repeated couplets that people love to use for their PIN numbers 0000 0101 0202 5454 5555 5656 9898 9999.

Every eleventh dot on the leading diagonal is brighter corresponding to the quad numbers e.g.  4444  5555. Here is a larger scale version:

Interesting things

There are so many interesting things to learn from this heatmap. Here are just a couple:

The first is the interesting harmonics of shading (seen here more easily in a gray scale plot).

You can make out a "grid pattern" in the plot.

The lighter areas correspond to couplets of numbers that are close to each other. For some reason, people don't like to select pairs of numbers that have larger numerical gaps between them. Combinations like 45 and 67 occur much more often than things like 29 and 37

Here we see the line corresponding to 19XX. The intensity of the dots relates to the chart we plotted earlier

There are a large number of codes starting with 19, especially towards the higher end.

There is a strong bias towards the lower left quadrant. People love to start their PIN numbers with 0, and even more so with the digit 1.

The chart on the right shows the relative frequency of the first digit of 4-digit pin codes.

As you can see, the digit 1 dominates (and it's not all down to the 19XX phenomenon.)

Little bright specks dot the plot in places corresponding to numerical runs (both ascending and descending) such as 2345, 4321 and 5678.

I've highlighted just a couple on the plot to the left.

Jumps in steps of two are also visible e.g. 2468

Repeated-pair couplets of numbers are very common, such as XYXY

The hundred sets of repeating couplet pairs represent a staggering 17.8% of all observed PIN numbers.

More than four

The purpose of this posting was to investigate patterns and frequency of four digit PIN numbers. However, the database I collected also has all-numeric passwords of different lengths. It's worth taking a quick look at these too.

I found close to 7 million all-numeric passwords. Approximately half of these were the four-digit codes we've just examined.

Six digit codes are the next most popular length, followed by eight.

I hope, hope that the people who have passwords of 9 digits long are not using their Social Security Numbers!

Below are the top 20 passwords for the various lengths, along with their share of their same-size namespace.

# 5 6 7 8 9 10
PSWD % PSWD % PSWD % PSWD % PSWD % PSWD %
#1 12345 22.802% 123456 11.684% 1234567 3.440% 12345678 11.825% 123456789 35.259% 1234567890 20.431%
#2 11111 4.484% 123123 1.370% 7777777 1.721% 11111111 1.326% 987654321 3.661% 0123456789 2.323%
#3 55555 1.769% 111111 1.296% 1111111 0.637% 88888888 0.959% 123123123 1.587% 0987654321 2.271%
#4 00000 1.258% 121212 0.623% 8675309 0.465% 87654321 0.815% 789456123 1.183% 1111111111 2.087%
#5 54321 1.196% 123321 0.591% 1234321 0.220% 00000000 0.675% 999999999 0.825% 1029384756 1.293%
#6 13579 1.112% 666666 0.577% 0000000 0.188% 12341234 0.569% 147258369 0.591% 9876543210 0.971%
#7 77777 0.618% 000000 0.521% 4830033 0.158% 69696969 0.348% 741852963 0.455% 0000000000 0.942%
#8 22222 0.454% 654321 0.506% 7654321 0.154% 12121212 0.320% 111111111 0.425% 1357924680 0.479%
#9 12321 0.412% 696969 0.454% 5201314 0.128% 11223344 0.293% 123454321 0.413% 1122334455 0.441%
#10 99999 0.397% 112233 0.417% 0123456 0.124% 12344321 0.275% 123654789 0.378% 1234512345 0.402%
#11 33333 0.338% 159753 0.283% 2848048 0.124% 77777777 0.262% 147852369 0.356% 1234554321 0.380%
#12 00700 0.261% 292513 0.250% 7005425 0.120% 99999999 0.223% 111222333 0.304% 5555555555 0.259%
#13 90210 0.244% 131313 0.235% 1080413 0.111% 22222222 0.219% 963852741 0.255% 1212121212 0.244%
#14 88888 0.217% 123654 0.228% 7895123 0.107% 55555555 0.205% 321654987 0.253% 9999999999 0.231%
#15 38317 0.216% 222222 0.212% 1869510 0.102% 33333333 0.176% 420420420 0.241% 2222222222 0.219%
#16 09876 0.185% 789456 0.209% 3223326 0.100% 44444444 0.165% 007007007 0.227% 7777777777 0.206%
#17 44444 0.179% 999999 0.194% 1212123 0.096% 66666666 0.160% 135792468 0.164% 3141592654 0.195%
#18 98765 0.169% 101010 0.190% 1478963 0.088% 11112222 0.140% 397029049 0.158% 3333333333 0.186%
#19 01234 0.160% 777777 0.188% 2222222 0.085% 13131313 0.131% 012345678 0.154% 7894561230 0.165%
#20 42069 0.154% 007007 0.186% 5555555 0.082% 10041004 0.127% 123698745 0.152% 1234567891 0.161%

Some interesting observations (and a little speculation)

For five digit passwords, users appear to have even less imagination in selecting their codes (22.8% select 12345). All the usual suspects occur, but a new addition is the puerile addition in position #20 of the concatenation of 420 and 69.

For six digit passwords, again 696969 appears highly. Also of note is 159753 (an "X" mark over the numeric keypad). James Bond returns with 007007.

For seven digits, the standby of 1234567 is a much lower frequency (though still the top). I speculate that this is because many people may be using their telephone number (without area code) as a seven digit password. Telephone numbers are fairly distinct, and already memorized, so when a 7 digit code is needed, they spring to mind easily. The higher frequency of usage of telephone numbers reduces the need to use imagination (or lack thereof) and select something else.

Is Jenny there? The fourth most popular seven digit password is 8675309 (It's a popular 80's song).

Eight digit passwords are just as expected. Lots of pattern, and lots of repetition.

Common 9 digit passwords also follow patterns and repetition. 789456123 appears as an easy "Along the top, middle and bottom of the keypad" 147258369 is related in the vertical direction (and other variants appear high up). Again we get a 420 moment with 420420420, and also the shaken, not stirred, but repeated 007007007 returns.

Interestingly for 10 digits 1029384756 appears (alternating ascending/descending digits), as well as the odd/even 1357924680.

Hurrah for math! In position #17 of the 10 digit password list we get 3141592654 (The first few digits of Pi)

Conclusions

If you are a developer, tester or executive I hope you are sufficiently paranoid that you will immediately check to see that your systems do not store sensitive information, like passwords, unencrypted. The entire reason I was able to perform this analysis is because dumb stupid and lazy coders stored data in clear text. Your laziness has the potential to impact millions.

If you are a consumer and you recognize any of the numbers I've used in this article to be your passwords/pins I hope you use common sense and immediately change them to something a little less predictable. Alternatively, you could be lazy and not change things (In that case, at least the only person you are harming with this apathy is yourself.)

Updates

Since publishing this article, it's been brought to my attention that, of course, in addition to anniversary years, many people encapsulate dates in the format MMDD (such as birthdays …) for their PIN codes.

This clearly explains the lower left corner where, if you look at the heatmap, there is a huge contrast change at the height of around 30-31 (the number of days in a month), extending to 12 on the x-axis. (Thanks to zero79 for first pointing this out).
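The structural patterns described in the heatmap discussion and in the MMDD update above (quads, XYXY couplets, runs in steps of one or two, 19XX years, MMDD dates, the 2580 keypad column) can be checked when a user picks a PIN. This is an added example, not code from the original article; the function names and reason labels are illustrative, and the MMDD test deliberately uses the heatmap's plain 01-12 / 01-31 bounds and does not validate calendar dates.

```python
import re


def weak_pin_reasons(pin):
    """Return the article's pattern classes that a 4-digit PIN falls into."""
    if not re.fullmatch(r"[0-9]{4}", pin):
        raise ValueError("expected exactly four digits")
    digits = [int(c) for c in pin]
    reasons = []

    # XYXY couplets on the heatmap's leading diagonal; XXXX quads are the
    # brighter dots among them.
    if pin[:2] == pin[2:]:
        reasons.append("quad" if len(set(pin)) == 1 else "repeated couplet")

    # Ascending/descending runs (2345, 4321) and steps of two (2468).
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if len(steps) == 1 and steps <= {1, -1, 2, -2}:
        reasons.append("run")

    # Years of birth or anniversaries.
    if pin.startswith("19"):
        reasons.append("year 19XX")

    # MMDD dates: month 01-12 on the x-axis, day 01-31 on the y-axis.
    if 1 <= int(pin[:2]) <= 12 and 1 <= int(pin[2:]) <= 31:
        reasons.append("date MMDD")

    # Straight down the middle of a telephone-style keypad.
    if pin == "2580":
        reasons.append("keypad column")

    return reasons


def flagged_pins():
    """Every code in 0000-9999 that matches at least one pattern."""
    all_pins = (f"{n:04d}" for n in range(10_000))
    return [p for p in all_pins if weak_pin_reasons(p)]


if __name__ == "__main__":
    for sample in ("1234", "1212", "1972", "1004", "2580", "7394"):
        print(sample, weak_pin_reasons(sample) or "no pattern matched")
    print(len(flagged_pins()), "of 10000 codes match a pattern")
```

Refusing every matching code removes 581 of the 10,000 possibilities, under 6% of the keyspace. Codes such as 2001 or 6969 are popular for reasons these rules do not capture, so a frequency list is still needed alongside them.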

Many people also asked the significance of 1004 in the four character PIN table. This comes from Korean speakers. When spoken, "1004" is cheonsa (cheon = 1000, sa=4).

"Cheonsa" also happens to be the Korean word for Angel.

Another XKCD cartoon

It only seems appropriate to end with another XKCD cartoon. This one is Password Strength

Source: https://datagenetics.com/blog/september32012/

Posted by: rodriguezfloory38.blogspot.com
