How Predictable is your PIN Number?

How secure is your PIN number? An enlightening new study reveals that many PIN numbers are shockingly predictable and far too easy to guess.

Is it about time you changed your PIN?

Psst – I wanna tell you a secret

The most infrequently used and therefore arguably the best PIN is 8068. Well, it was until it was revealed in the recent study of PIN usage by Data Genetics. This fascinating statistical study also reveals the most commonly used PINs, and therefore the ones most likely to be guessed.

What makes a poor PIN choice?

According to the stats, the most commonly used PIN is 1234. Out of the 3.4 million numbers surveyed, an amazing 374,000 were 1234. That’s 11% of those analysed. What little imagination some people have!

The top 20 PINs all come from the easy-to-remember category. PINs like:

  • 1111
  • 0000
  • 1212
  • 7777

It seems that PINs with lots of repetition and/or a pattern to them are the most frequently chosen. It is interesting that the PIN 2580 comes just outside of the top 20 at number 22. This looks like a random PIN until you realise that these are the numbers down the centre of a telephone keypad – another imaginative breakthrough!

Other easy-to-remember 4-figure numbers that make up PINs obviously come from years of birth. There is a disproportionate number of PINs beginning with 19, which is bound to change to 20 as the population ages. Equally, day and month of birth also figure quite prominently.
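As an added example (not from the original article or the Data Genetics study), the patterns described above can be turned into a check that flags a predictable PIN when a user chooses one. The function name, the reason labels and the exact rules are assumptions made for this example.

```python
import re

# Centre column of a telephone keypad, the pattern behind 2580 in the article.
KEYPAD_COLUMN = "2580"


def weak_pin_reasons(pin: str) -> list[str]:
    """Return the predictable patterns a 4-digit PIN matches (empty list if none)."""
    if not re.fullmatch(r"\d{4}", pin):
        raise ValueError("PIN must be exactly four digits")
    reasons = []
    digits = [int(c) for c in pin]

    # Repetition: 1111, 0000, 7777, or a repeated pair such as 1212.
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    elif pin[:2] == pin[2:]:
        reasons.append("repeated pair")

    # Runs such as 1234 or 4321 (wrapping past 9, so 7890 also counts).
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    if steps in ({1}, {9}):
        reasons.append("ascending/descending run")

    # Keypad column read downwards or upwards.
    if pin in (KEYPAD_COLUMN, KEYPAD_COLUMN[::-1]):
        reasons.append("keypad column")

    # Years of birth: PINs beginning with 19 or 20.
    if pin[:2] in ("19", "20"):
        reasons.append("looks like a year")

    # Day and month of birth, in either DDMM or MMDD order (heuristic).
    first, second = int(pin[:2]), int(pin[2:])
    if (1 <= first <= 31 and 1 <= second <= 12) or (1 <= first <= 12 and 1 <= second <= 31):
        reasons.append("looks like a day/month")
    return reasons


if __name__ == "__main__":
    # PINs named in the article, used here as sample input.
    for sample in ["1234", "1111", "0000", "1212", "7777", "2580", "8068"]:
        print(sample, weak_pin_reasons(sample) or "no listed pattern")
```

A PIN that matches none of these rules is not automatically a good one; the rules only cover the categories the article names.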

Does it really matter?

Given that most devices/cards/locks that are protected by a PIN have a limit to the number of attempts that can be made before it locks itself, does it matter if a commonly used PIN is used? The chances of some bad guy getting hold of your device, a bank card for example, and guessing the correct PIN have to be pretty small, don’t they? Let’s think about it in a bit more detail. If I’m the bad guy and I get hold of a genuine bank debit card that I do not know the PIN for, I generally have 3 guesses before that card is locked.

If I take the top 3 most commonly used PINs as my starting point, I have a 1 in 5 chance of getting it right. Not bad odds and probably worth a gamble.

But the banks pay it back anyway, don’t they?

For credit/debit cards, unless the banks can prove that you have been grossly negligent with your PIN, i.e. sticking it to your credit card, the general rule is that you will be reimbursed for any financial loss should your card be stolen and the PIN used to extract money. So, isn’t it simply a case of using the most convenient and easy-to-remember PIN and, should it get compromised, waiting for the banks to sort it out?

This may be true, but anyone who has gone through the process will know that the sheer kerfuffle involved in replacing cards and reclaiming lost money should be enough to deter anyone from using a poorly chosen PIN. In addition, you may highlight yourself as an easy target – if you did it once, why not again?

Don’t bring unwanted attention on yourself just for the sake of 4 little numbers.

In our next blog in this series we provide our ten best tips to help you keep your PIN secure. We’ll post it here shortly.

Article by Paddy Keating, Director/Government Service Manager at Ascentor.
