As tempting as it might be, avoid using 0000 as your four-digit PIN code. The same goes for 1010, 1111, 1122, and 1212, which together make up the top five worst PIN codes, according to a list compiled by security experts. Just like a password, you should avoid using PIN codes that are commonly used. Yes, they can be easier to remember compared to a random string of numbers (PIN codes) or characters (passwords), but that's also part of what makes them a poor choice.
Of course, not all PIN codes are just four digits. On Apple devices, for example, the default passcode is actually six digits, though you have the option of downgrading to four digits if you prefer. Some banks also allow for six-digit PIN codes, though by and large, four-digit PIN codes are far more common for debit cards. That can be problematic because there are 'only' 10,000 possible combinations for a four-digit PIN (based on the numbers 0-9).
So, what other PIN combinations should you avoid, and where does the security analysis come from? ABC News Story Lab journalists Julian Fell and Teresa Tan analyzed 29 million PIN code entries at Have I Been Pwned? and discovered that nine out of 10 people use the same weak PIN code (0000).
"The most commonly used PINs turned out to be staggeringly popular, meaning they’re particularly easy to guess when phones and bank cards fall into the wrong hands," Fell and Tan explain.
They also get a bit into the weeds of how some PIN codes are chosen and altered based on grid layouts, which is interesting. What's of primary interest, though, is a list of the 50 most popular PIN codes in the Have I Been Pwned? dataset. Here's a look at the top 20...
- 1234 (9%)
- 1111 (1.6%)
- 0000 (1.1%)
- 1342 (0.6%)
- 1212 (0.4%)
- 2222 (0.3%)
- 4444 (0.3%)
- 1122 (0.3%)
- 1986 (0.3%)
- 2020 (0.3%)
- 7777 (0.3%)
- 5555 (0.3%)
- 1989 (0.3%)
- 9999 (0.2%)
- 6969 (0.2%)
- 2004 (0.2%)
- 1010 (0.2%)
- 4321 (0.2%)
- 6666 (0.2%)
- 1984 (0.2%)
Looking at the partial list, we can surmise that some of the more popular PIN codes are likely chosen based on a person's date of birth (like 1984) or graduation year. Others are just lazy repetitions of the same number, and 6969 speaks for itself (you dirty dogs).
The full report (as spotted by Forbes) doesn't really dive into the psychology of PIN code selection, but it's definitely worth a read. One thing to keep in mind is that most devices allow for at least a handful of guesses before locking a person out. So even though 10,000 possible combinations may seem like a lot, if you're using a PIN code that ranks high on the list, there's a greater chance that someone could correctly guess it, should you have your smartphone or bank card stolen.
Simply put, if your PIN appears on the top 50 list, consider changing it ASAP.
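To put numbers on that, here is an added example (not from the report or from Have I Been Pwned?) that uses the top-20 shares listed above to compare how much of the dataset a handful of popular PINs covers versus evenly spread PINs, and to flag a candidate PIN a service should refuse at enrollment. The function names, the pattern rules and the 1900-2099 year range are assumptions made for illustration.

```python
# Shares (percent of entries) copied from the top-20 list in the article.
TOP20 = {
    "1234": 9.0, "1111": 1.6, "0000": 1.1, "1342": 0.6, "1212": 0.4,
    "2222": 0.3, "4444": 0.3, "1122": 0.3, "1986": 0.3, "2020": 0.3,
    "7777": 0.3, "5555": 0.3, "1989": 0.3, "9999": 0.2, "6969": 0.2,
    "2004": 0.2, "1010": 0.2, "4321": 0.2, "6666": 0.2, "1984": 0.2,
}


def share_covered(guesses: int) -> float:
    """Percent of entries matched by the `guesses` most popular listed PINs."""
    ranked = sorted(TOP20.values(), reverse=True)
    return round(sum(ranked[:guesses]), 1)


def uniform_share(guesses: int) -> float:
    """Percent matched if all 10,000 four-digit PINs were equally likely."""
    return 100 * guesses / 10_000


def weak_pin_reasons(pin: str) -> list[str]:
    """Return reason codes for rejecting a four-digit PIN; empty means no flag."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("expected exactly four digits")
    reasons = []
    if pin in TOP20:
        reasons.append("top20")          # appears in the article's list
    if len(set(pin)) == 1:
        reasons.append("same-digit")     # 0000, 7777, ...
    elif pin[:2] == pin[2:]:
        reasons.append("repeated-pair")  # 1212, 6969, ...
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        reasons.append("sequence")       # 1234, 4321, ...
    if 1900 <= int(pin) <= 2099:         # assumed range for birth/graduation years
        reasons.append("year-like")
    return reasons


if __name__ == "__main__":
    for n in (3, 5, 10):
        print(f"{n} guesses: {share_covered(n)}% listed vs {uniform_share(n)}% uniform")
    for candidate in ("1234", "1979", "6969", "8352"):  # constructed samples
        print(candidate, weak_pin_reasons(candidate) or "no flag")
```

An empty result only means the PIN matched none of these rules; the full top-50 list in the report would catch more.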