Experts agree: "1111" is not a good PIN.
The common banking customer generally does not use personal identification numbers as simple as "1111," but many create sequences that are closely connected to personal information, banking and computing experts say. Thus, these PINs are very susceptible to identity theft and fraud. The problem also applies to account and computer passwords.
Last week, researchers at Carnegie Mellon University suggested in a study published by the Proceedings of the National Academy of Sciences that Social Security numbers, given to Americans by the federal government, are "highly insecure passwords."
"If one can successfully identify all nine digits of an SSN in fewer than 10, 100, or even 1,000 attempts, that Social Security number is no more secure than a three-digit PIN," the study's authors, Carnegie Mellon associate professor Alessandro Acquisti and post-doctoral researcher Ralph Gross, said in a statement.
So what about the four-digit numbers?
Although PINs are short and are generally easier to crack than account passwords, experts say, there are still methods to make the codes -- which, unlike Social Security numbers, can be changed easily -- as secure as possible.
For instance, experts warn customers not to use PINs based on their Social Security and driver's license numbers, which are harder to find than, say, phone numbers and addresses, but are still very accessible.
Similarly, customers sometimes use a telephone alphanumeric code to transform part of their relatives' names or pet names into a PIN. Those kinds of sequences are also what hackers commonly check first, experts said.
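A bank or app can screen for these choices at the moment a customer sets a PIN. The Python sketch below is an added example, not from the article or any bank's system; the function names and the sample customer data are constructed for illustration.

```python
import re

# Standard telephone keypad letter groups.
KEYPAD = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
          "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}


def keypad_digits(word):
    """Spell a word on a phone keypad, ignoring non-letters ('Bella' -> '23552')."""
    return "".join(LETTER_TO_DIGIT[c] for c in word.lower() if c in LETTER_TO_DIGIT)


def weak_pin_reasons(pin, names=(), numbers=()):
    """Return the reasons to reject a proposed PIN (empty list = none found).

    names   -- relatives' and pets' names on file (assumed input)
    numbers -- SSN, driver's license, phone numbers as strings (assumed input)
    """
    if not re.fullmatch(r"\d{4}", pin):
        raise ValueError("PIN must be exactly four digits")
    reasons = []
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    for number in numbers:
        # Compare against the digits only, so "000-12-3456" matches "3456".
        if pin in re.sub(r"\D", "", number):
            reasons.append("appears inside a personal number")
            break
    for name in names:
        if pin in keypad_digits(name):
            reasons.append(f"keypad spelling of part of the name {name!r}")
    return reasons


if __name__ == "__main__":
    # Constructed customer record, not real data.
    names = ["Bella", "Rufus"]
    numbers = ["000-12-3456", "555-0142"]
    for candidate in ("1111", "2355", "3456", "9047"):
        print(candidate, weak_pin_reasons(candidate, names, numbers) or "no issue found")
```

An empty result only means the PIN passed these three checks, not that it is random.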
Experts said the best PINs are assortments of random numbers. But random numbers are hard to memorize.
That's where the maiden names of sisters-in-law and the pet names of best friends come in.
"Use things that you know you can remember but ... are not so obviously linked to you that someone could guess them," said Jim Holding, vice president of communications at Northwest Savings Bank. "You probably don't want to use your college, but you might want to use the name of the mascot."
Unfortunately, many do compromise security for convenience. According to the U.S. Department of Homeland Security, most people in the United States use easy-to-remember and easy-to-crack passwords based on personal information.
Homeland Security computer experts recommend that passwords be based on mnemonics (such as the 12-character "IartabtPP-G." for "[I] [a]m [r]eading [t]his [a]rticle [b]y [t]he [P]ittsburgh [P]ost[-G]azette[.]") or uncommon sequences of upper-case and lower-case letters, numbers and punctuation marks.
And the longer, the better: Many experts say the best passwords are longer than eight characters. And Microsoft experts said a 15-character password is 33,000 times harder to crack than an eight-character one.
Passwords and PINs should be changed regularly and be different for each account, experts agree. Many Web sites now include added safeguards, such as extra questions on personal information, to prevent hackers from stealing data.
There are many online password checkers, including one from Microsoft, that use algorithms to determine the code's crackability.
"1111" received the worst rating: "weak." And "IartabtPP-G." only received a "strong" password rating from Microsoft, effectively three stars out of four. But adding two numbers at the end made the password, in Microsoft's eyes, the "best."