May 19, 2020

Why it's time for companies to stop using PINs and passwords

Michael Steinmann, Nuance Comm...

Passwords and PINs are now more vulnerable than ever.

A number of high-profile security breaches have proved this point, including those at Twitter, LinkedIn, iCloud and, most notably, Adobe, where 150 million passwords and user details were compromised.


While these breaches highlight the vulnerability of the traditional password and PIN — which were developed over 50 years ago — they also show that knowledge-based authentication is becoming antiquated in today’s world of connected smart devices and even smarter hackers.

With increased pressure on these traditional security methods, organisations need to re-assess the processes and solutions in place to prevent security breaches and make their customers’ lives more convenient.


Here are some ways PINs and passwords are compromised:

Brute Force Attack

The four-digit PIN is one of the weakest security credentials, because of the ease with which a malicious user can compromise a system without needing any technical knowledge, or any knowledge of the legitimate account holder.

The vulnerabilities of PINs were revealed by a 2012 DataGenetics study, which showed that 10.7 per cent of four-digit PINs are “1234”. This means a fraudster would only need to conduct an average of 10 attempts to compromise an account. Additionally, as revealed by the Adobe breach, passwords don’t perform much better, with the top 5 user passwords including ‘123456’ or ‘password.’


Although organisations can block the most commonly used PINs and passwords, the DataGenetics study also revealed that beyond sequential numbers and repeating numbers, people tend to select PINs where the numbers form patterns on the keyboard, or where the number represents a date that is significant to the caller. This PIN selection behaviour by legitimate account holders renders brute force attacks quite effective.
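A PIN-enrolment check covering the four selection habits named above (sequential, repeating, keypad pattern, date), as an added example that is not from the article or the DataGenetics study. The rule definitions, the phone-keypad layout and the function names are assumptions chosen for illustration.

```python
import datetime

# Assumed phone-keypad layout: digit -> (row, column).
KEYPAD = {"1": (0, 0), "2": (0, 1), "3": (0, 2), "4": (1, 0), "5": (1, 1),
          "6": (1, 2), "7": (2, 0), "8": (2, 1), "9": (2, 2), "0": (3, 1)}

def is_sequential(pin):
    """Ascending or descending run, wrapping past 9 (1234, 9876, 7890)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})

def is_repeating(pin):
    """One digit repeated (0000) or repeated pairs (1212, 1122)."""
    return len(set(pin)) == 1 or pin[:2] == pin[2:] or (pin[0] == pin[1] and pin[2] == pin[3])

def is_keypad_pattern(pin):
    """Every key press lands on a key touching the previous one (2580, 1478)."""
    for a, b in zip(pin, pin[1:]):
        (r1, c1), (r2, c2) = KEYPAD[a], KEYPAD[b]
        if max(abs(r1 - r2), abs(c1 - c2)) != 1:
            return False
    return True

def is_date_like(pin):
    """A 19xx/20xx year, or a valid MMDD / DDMM calendar date."""
    if pin[:2] in ("19", "20"):
        return True
    for month, day in ((pin[:2], pin[2:]), (pin[2:], pin[:2])):
        try:
            datetime.date(2000, int(month), int(day))  # leap year, so 29 Feb passes
            return True
        except ValueError:
            continue
    return False

RULES = [("sequential", is_sequential), ("repeating", is_repeating),
         ("keypad_pattern", is_keypad_pattern), ("date_like", is_date_like)]

def weak_pin_reasons(pin):
    """Return the names of every rule a four-digit PIN trips (empty list = accepted)."""
    if not (len(pin) == 4 and pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be exactly four digits")
    return [name for name, rule in RULES if rule(pin)]

if __name__ == "__main__":
    for sample in ("1234", "0000", "2580", "1984", "0704", "8372"):  # constructed samples
        print(sample, weak_pin_reasons(sample) or "accepted")
```

Every PIN such a policy rejects is removed from the space of allowed values, so the rule set trades a smaller keyspace for the removal of the most frequently chosen entries.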

Compromising the Database

A PIN or password, like any other knowledge factor used for authentication, is stored in a database. If the database is compromised, a malicious user has unlimited access to accounts. Although properly designed systems have numerous security measures in place, there are many documented cases of breaches occurring.

Some cases involve hackers finding ways to bypass the security measures. Other cases involve employee error, for example an erroneous transfer of PIN credentials through e-mail. No matter how the PINs or passwords are compromised, once they are in the hands of a malicious individual, the potential for large-scale financial losses is enormous.



Phishing

Phishing is an increasingly common technique that malicious individuals use to compromise credentials, such as PINs and passwords, via email and social media. Industry statistics indicate a mass phishing attack yields a 5 per cent data collection success rate, meaning that if 100 e-mails are sent to collect PINs, a hacker will on average collect five valid PINs.

However, if the malicious individual conducts a spear-phishing attack, the success rate can reach 19 per cent. As such, phishing attacks are one of the preferred choices of malicious individuals for compromising systems that are protected by PINs and passwords.

Internet Search

Call centres typically use a series of knowledge questions to verify a caller’s identity. If the caller answers the questions correctly, the agent considers the caller’s identity validated and any transactions can then take place.


However, many of the answers to the security questions asked by call centre agents can be easily found on the internet. A moderately sophisticated hacker can find the answers to the majority of security questions by accessing social media sites, such as Facebook and LinkedIn.

Collecting this basic information about an individual online makes the task of guessing answers to security questions easy, as was shown by a study at Carnegie Mellon University in 2009. It demonstrated that typically used security questions are vulnerable; in some cases they can be guessed with 48 per cent accuracy.


Jul 24, 2021

Amobee Appoints Nick Brien As CEO

Elise Leise
Nick Brien, a CEO with a proven advertising track record, will help Amobee achieve digital growth

In its latest strategic move, Amobee—a global multimedia advertising leader—announced that Nick Brien will be its Chief Executive Officer. The company is entirely owned by Singtel, Asia’s leading communications technology organisation, which provides consumers with mobile, broadband, and TV and businesses with data hosting, cloud, network infrastructure, analytics, and cybersecurity tools. 

Brien, who has worked for Microsoft, Intel, P&G, and American Express, will take over to drive the next generation of advertising tech. Said Evangelos Simoudis, Chairman of the Board of Amobee: ‘Nick has the deep expertise in advertising that we need to seize the market opportunities ahead’. 

How Did Brien Get Here? 

Before joining Amobee, Brien led 15,000 people across 40 divisions as CEO of the Americas for Dentsu International. For thirty years, he’s helped brands pilot unique advertisements, keeping up with the latest trends. He’s served as CEO of McCann Worldgroup, global CEO of IPG Mediabrands, President of Hearst Marketing Services, and CEO of iCrossing. Over the course of his career, he’s consistently strategised how to keep up with digital shifts. Now, he’ll capitalise on Amobee’s legions of experienced data scientists and developers. 

‘I’m excited to be joining Amobee at such a transformative time in our industry’, Brien explained. ‘We’ll pilot advertising accountability and intelligent decisioning. And there’s no doubt in my mind that optimising media performance—whether you’re targeting, planning, buying, or delivering—can only be achieved using applied science, machine learning, and data analytics’. 

What Does This Mean for Amobee? 

Amobee is set on growing its personal brand within the advertising sector. As APAC social media influencers, Gen Z growth hackers, and viral content producers start to enter the field, established companies will be working doubly hard to keep up. Amobee, however, is still looking good. With a Gartner Magic Quadrant for Ad Tech, a Forrester New Wave recognition, and now, Nick Brien as CEO, the firm is set up for success. 
