
Ten Top Tips for PIN Security

In our first blog on PINs we looked at the most common combinations and why choosing a good PIN is in your own interest. We now turn our attention to choosing the right PINs and keeping them safe.

It should be obvious that the most commonly used PIN patterns should be avoided (as should the least common ones, now that they have been published!). The more random the PIN pattern, the better. That is all well and good, but you still have to remember it.

Here are our best tips for good PIN security:

Top Tip 1 – Don’t write your PIN down and leave it in the same place as the item it is protecting. For example, don’t try to ‘disguise’ your credit card PIN somewhere in your wallet, which is where the card is kept. The bad guys have seen most of these tricks before and know what to look for. A better idea would be to put a random 4-digit number in your wallet – they may use up one of their free guesses (sneaky eh?).

Top Tip 2 – Keep a list of your PINs at home in a safe place. Start a password/PIN book and record all your PINs and passwords. To be doubly safe, don’t write the PIN down in full; give yourself a hint. For example, you may decide to change your PIN to the last 4 digits of an old telephone number. Instead of writing the PIN down, just write “old tel number”. For tips on storing passwords, see our recent blog: How to create strong, memorable passwords that are difficult to crack.

Top Tip 3 – Choose a good PIN (random to anyone else but you) and stick with it. Unlike passwords, it is not generally considered necessary to keep changing PINs, as any compromise is likely to be more immediately noticeable.

Top Tip 4 – Don’t use the same PIN for multiple devices. It is like the old proverb of not putting all your eggs in one basket – you don’t want everything compromised should one PIN become known.

Top Tip 5 – Be careful when entering PINs. The most common way a PIN is compromised is through bad guys watching PIN entries. This could be at a bar, an ATM or in a shop. Make sure you cover up the keypad so that no one can see what PIN you enter, and be aware of your surroundings and who may be watching.

Once the bad guys are confident they know your PIN you will quickly become the target – avoid this at all costs.

Top Tip 6 – Never divulge your debit/credit card PIN to anyone. The banks will never ask for your PIN over the phone.

Top Tip 7 – Don’t use birthdays or memorable dates for a PIN. When the bad guys are looking for information about you, they target dates of birth, weddings, anniversaries etc. because they know they are memorable to you and therefore likely to be used as a PIN. This increases their chance of success in the PIN guessing game.

Top Tip 8 – Don’t use any number sequence that is printed on a debit/credit card to formulate the PIN for that card. Using one of the 4-digit groups as the PIN may appear attractive but is best avoided.

Top Tip 9 – Be aware of keypads where the same PIN is exclusively entered – the pad may become worn or show some indication of what the 4 numbers that make up the PIN are. Smudge marks on a smartphone screen from unlocking it and fingerprints on a house alarm keypad are just two examples.

Top Tip 10 – If you think your PIN may have been compromised, change it as soon as you can. Don’t wait until you know for definite – do it now!
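For anyone building a "choose your PIN" step, the checks behind Tips 7 and 8 and the advice to avoid common patterns can be automated. The sketch below is an added example, not Ascentor's code; the function names, the choice of which patterns count as "common", and the sample card and date are all assumptions constructed for illustration.

```python
import secrets
from datetime import date

def pin_weaknesses(pin, card_printed=(), personal_dates=()):
    """List the reasons a 4-digit PIN breaks the tips above (empty list: none found)."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("expected exactly four digits")
    reasons = []
    # Guessable patterns. Which patterns count as 'common' is an assumption here.
    if len(set(pin)) == 1:
        reasons.append("all digits identical")
    elif pin[:2] == pin[2:]:
        reasons.append("repeated pair")
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):  # 1234, 4321, and wrap-arounds such as 8901
        reasons.append("ascending or descending run")
    # Tip 7: common 4-digit renderings of dates that are memorable to the owner.
    for d in personal_dates:
        dd, mm, yy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year % 100:02d}"
        if pin in {dd + mm, mm + dd, f"{d.year:04d}", mm + yy, dd + yy, yy + mm}:
            reasons.append(f"derived from personal date {d.isoformat()}")
    # Tip 8: any run of four digits printed on the card itself.
    for text in card_printed:
        if pin in "".join(c for c in text if c.isdigit()):
            reasons.append("appears in digits printed on the card")
            break
    return reasons

def suggest_pin(card_printed=(), personal_dates=()):
    """Draw uniformly random PINs from the OS CSPRNG until one passes every check."""
    while True:
        pin = f"{secrets.randbelow(10_000):04d}"
        if not pin_weaknesses(pin, card_printed, personal_dates):
            return pin

# Constructed sample data: not a real card or person.
CARD = ("4000 1234 5678 9010", "08/27")
DATES = (date(1984, 3, 17),)

if __name__ == "__main__":
    for candidate in ("1234", "1703", "0827", "7777", "2951"):
        print(candidate, pin_weaknesses(candidate, CARD, DATES) or "no weakness found")
    print("suggested:", suggest_pin(CARD, DATES))
```

An empty result only means none of these particular checks fired; it does not prove the PIN is hard to guess.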

Article by Paddy Keating, Director/Government Service Manager at Ascentor.
