Why don't banks block overused or insecure passwords and PIN codes?
That's one question posed by a study conducted by Cambridge University security researchers Joseph Bonneau, Soren Preibusch, and Ross Anderson, who've conducted what they said is "the first-ever quantitative analysis of the difficulty of guessing four-digit banking PINs." Their research has implications not just for ATM cards, but also for any mobile device set to require a numeric password.
The big warning from their research is that based on current PIN-picking patterns, would-be attackers have a 9% chance of correctly guessing a person's ATM code.
Read the rest of this article on InformationWeek