How-To Geek

The Most Common and Least Used 4-Digit PIN Numbers [Security Analysis Report]

How ‘secure’ is your 4-digit PIN number? Is your PIN number a far too common one or is it a bit more unique in comparison to others? The folks over at the Data Genetics blog have put together an interesting analysis report that looks at the most common and least used 4-digit PIN numbers chosen by people.

Numerically based (0-9) 4-digit PIN numbers only allow for a total of 10,000 possible combinations, so it stands to reason that some combinations are going to be far more common than others. The question is whether or not your personal PIN number choices are among the commonly used ones or ‘stand out’ as being more unique.

Note 1: Data Genetics used data condensed from released, exposed, & discovered password tables and security breaches to generate the analysis report.

Note 2: The updates section at the bottom has some interesting tidbits concerning peoples’ use of dates and certain words for PIN number generation.

The analysis makes for very interesting reading, so browse on over to get an idea of where you stand with regards to your personal PIN number choices.

PIN Number Analysis [via Apartment Therapy]

Akemi Iwaya is a devoted Mozilla Firefox user who enjoys working with multiple browsers and occasionally dabbling with Linux. She also loves reading fantasy and sci-fi stories as well as playing "old school" role-playing games. You can visit her on Twitter and .

  • Published 09/27/12

Comments (13)

  1. Screwtape

    Shocked that nearly 20% used either 1234, 1111, or 0000 as their PIN!

  2. Bigtech

    How did 10000 get anything… it;s a 5 digit number?

  3. Nelson

    There are 10000 possible numbers one could use in the four digit system. 8068 is the least used four digit pin and therefore takes up the #10000 slot.

  4. Phil

    The point – which _SO_ many people who have reposted this analysis or commented on it is these are failed passwords – ones which were ‘cracked’ through whatever method. Not an actual database from a bank PIN database or similar resource.

    Many folks (myself included) will use an absurdly simple PIN when forced to enter one in a web form for a site I never expect to visit again (along with a dummy email address or a spare email I use just for disposable purposes). I’d be stupid to use one of the dozen or so PINs I actually use with random websites.

  5. Bigtech

    My bad.. I misread the column axis…. and yeah the thing about Bank pins brute force wise they are very easy…which is why most banks out here will suspend the card after 3-4 consecutive failed pins.

  6. nello

    Just a small correction _ pin number should be just pin as pin means personal identification number.

  7. Dr_Unix

    The most important feature of any password is my ability to remember it; especially when it stands as a gate keeper to important, yet rarely accessed data. Writing down a password, even one with 256 alpha-numeric+ASCII special characters renders that password utterly ineffectual. I might never have it guessed by a cracker, but a janitor or a meddlesome spouse or even a burglar might obtain the password with essentially zero effort invested simply because the complexity of the password, –>or the infrequency with which I use it<– caused me to write it down. My domain registrar of over 15 years recently required me to change a password consisting of a 6 digit amateur radio call sign from 25 years ago. I would never have failed to remember the amateur radio call sign, but some genius decided it would be more "secure" if I were required to insert at least one capital letter and one non-alpha non-numeric item. Result? Every time I find it necessary to access my account I am now resetting a password they have made *needlessly complex.*

    By the way, in 15 years of using my old amateur radio call sign, there was not one single breach of security. My account was untouched *and* I was never inconvenienced by having to reset passwords. A password I cannot remember is worthless. It serves only to annoy me, and waste my time And I believe I'm much more likely to have it stolen or intercepted if I am continually forced to reset one because, you see, I absolutely *refuse* to write it down. A password on paper is an invitation to disaster.

    My final comment is this question: Just exactly how many password crackers does one suppose are out there diligently trying to guess my passwords? I have been an Internet user since the very beginning of the Internet, and in all that time I am not aware of a single attempt, yet alone a successful breach of security. The man hours and money wasted securing assets against imaginary intruders is a non-trivial amount. It increases the cost of all goods and services while accomplishing essentially nothing other than satisfying the paranoia of attorneys who fret over share holder lawsuits, product liability lawsuits, et al.

  8. Bill

    Would have loved for them to have a table of all 10,000 numbers and their frequency available so I could check my personal pins… could only approximate from the heat map.

  9. HMAC

    Most of my pins are 5 digits. So in that case a lot of people would use 12345 and 11111.

  10. RAhul

    can i have recover deleted mail data is there have any soliusn for my deleted my outlook mail data

  11. bedlamb

    @ nello

    What’s your favorite pin number number?

  12. Jeff Sadowski

    I get a new card in the mail from my bank every 2 years with a new pin and write a formula in my phone to derive it that is complex enough that only math geeks can interpret it. No mention in my phone what the formula is for. I usually memorize the pin with in a month. This method has never been a problem. As secure as any other number.

  13. Angela

    As a slight expansion to Nelson’s explanation, there are 10,000 only because 0000 is included.

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!