What this study of four-digit passwords tells me is that if the FBI doesn't get a court order to compel Apple to create a version of iOS that allows them to try every combination of password on the San Bernardino terrorist's iPhone without it wiping, they can just try the top 10 passwords and have about a 25% chance.
That's right, out of the 10,000 possible combinations for a four-digit password, 10 combinations represent almost a quarter of all passwords found in a database of 3.4 million passwords compiled from publicly released and anonymized databases compiled by hackers.
It also means that if you have one of these four digit combinations as the password for your iPhone, iPad, debit/credit card, door, or anything else, you should change it.
But don't change it to their list of the bottom ten since hackers can read too. You should also avoid any combinations that start with 19xx or 20xx since people frequently use a significant year as their password.
Of course, if you can, use more than four digits as this significantly increases the security. Even one or two digits more make a big difference.
