• ARTICLES
• SUBSCRIBE
SEARCH

## The Most Common and Least Used 4-Digit PIN Numbers [Security Analysis Report]

How ‘secure’ is your 4-digit PIN number? Is your PIN number a far too common one or is it a bit more unique in comparison to others? The folks over at the Data Genetics blog have put together an interesting analysis report that looks at the most common and least used 4-digit PIN numbers chosen by people.

Numerically based (0-9) 4-digit PIN numbers only allow for a total of 10,000 possible combinations, so it stands to reason that some combinations are going to be far more common than others. The question is whether or not your personal PIN number choices are among the commonly used ones or ‘stand out’ as being more unique.

Note 1: Data Genetics used data condensed from released, exposed, & discovered password tables and security breaches to generate the analysis report.

Note 2: The updates section at the bottom has some interesting tidbits concerning peoples’ use of dates and certain words for PIN number generation.

The analysis makes for very interesting reading, so browse on over to get an idea of where you stand with regards to your personal PIN number choices.

1. Screwtape

Shocked that nearly 20% used either 1234, 1111, or 0000 as their PIN!

2. Bigtech

How did 10000 get anything… it;s a 5 digit number?

3. Nelson

There are 10000 possible numbers one could use in the four digit system. 8068 is the least used four digit pin and therefore takes up the #10000 slot.

4. Phil

The point – which _SO_ many people who have reposted this analysis or commented on it is these are failed passwords – ones which were ‘cracked’ through whatever method. Not an actual database from a bank PIN database or similar resource.

Many folks (myself included) will use an absurdly simple PIN when forced to enter one in a web form for a site I never expect to visit again (along with a dummy email address or a spare email I use just for disposable purposes). I’d be stupid to use one of the dozen or so PINs I actually use with random websites.

5. Bigtech

My bad.. I misread the column axis…. and yeah the thing about Bank pins brute force wise they are very easy…which is why most banks out here will suspend the card after 3-4 consecutive failed pins.

6. nello

Just a small correction _ pin number should be just pin as pin means personal identification number.

7. Dr_Unix

The most important feature of any password is my ability to remember it; especially when it stands as a gate keeper to important, yet rarely accessed data. Writing down a password, even one with 256 alpha-numeric+ASCII special characters renders that password utterly ineffectual. I might never have it guessed by a cracker, but a janitor or a meddlesome spouse or even a burglar might obtain the password with essentially zero effort invested simply because the complexity of the password, –>or the infrequency with which I use it<– caused me to write it down. My domain registrar of over 15 years recently required me to change a password consisting of a 6 digit amateur radio call sign from 25 years ago. I would never have failed to remember the amateur radio call sign, but some genius decided it would be more "secure" if I were required to insert at least one capital letter and one non-alpha non-numeric item. Result? Every time I find it necessary to access my account I am now resetting a password they have made *needlessly complex.*

By the way, in 15 years of using my old amateur radio call sign, there was not one single breach of security. My account was untouched *and* I was never inconvenienced by having to reset passwords. A password I cannot remember is worthless. It serves only to annoy me, and waste my time And I believe I'm much more likely to have it stolen or intercepted if I am continually forced to reset one because, you see, I absolutely *refuse* to write it down. A password on paper is an invitation to disaster.

My final comment is this question: Just exactly how many password crackers does one suppose are out there diligently trying to guess my passwords? I have been an Internet user since the very beginning of the Internet, and in all that time I am not aware of a single attempt, yet alone a successful breach of security. The man hours and money wasted securing assets against imaginary intruders is a non-trivial amount. It increases the cost of all goods and services while accomplishing essentially nothing other than satisfying the paranoia of attorneys who fret over share holder lawsuits, product liability lawsuits, et al.

8. Bill

Would have loved for them to have a table of all 10,000 numbers and their frequency available so I could check my personal pins… could only approximate from the heat map.

9. HMAC

Most of my pins are 5 digits. So in that case a lot of people would use 12345 and 11111.

10. RAhul

can i have recover deleted mail data is there have any soliusn for my deleted my outlook mail data

11. bedlamb

@ nello

What’s your favorite pin number number?