How predictable is your PIN?


Date: 6 December 2012

Pin pad{{}}How secure is your personal identification number (PIN)? An enlightening study reveals many PINs are predictable and easy to guess. So, is it about time you changed your PIN?

The safest PIN of all?

The fascinating study, by Data Genetics, reveals the most commonly used PINs and therefore the ones most likely to be guessed.

It found that the most infrequently used PIN is 8068. Does that make it the safest? Well, perhaps, although now it's been revealed in this study, it might become a lot more popular!

What makes a poor PIN choice?

According to the stats, the most common PIN is 1234. Out of the 3.4 million numbers surveyed, it made up 11% - or 374,000. What little imagination some people have!

In fact, the top 20 PINs all fall into the category of 'easy to remember'. For instance:

  • 1111
  • 0000
  • 1212
  • 7777

It seems PINs with lots of repetition or a pattern to them are chosen most frequently. Interestingly, 2580 comes just outside of the top 20 at number 22. This looks like a random number until you realise these are the numbers down the centre of a telephone keypad.

Other easy to remember four-digit PINs come from years of birth. A disproportionate amount of PINs begin with 19. This is bound to change to 20 as the population ages. Day and month of birth also figure quite prominently.

Does it matter if your PIN is easy to guess?

Most devices, credit cards and locks that are protected by a PIN limit the number of times an incorrect number can be entered. So does it matter if you use a common PIN?

Well, let's think about it in more detail. If I'm a bad guy and I get hold of your bank card, I generally get three guesses before the card is locked.

Going from the statistics in the study, if I take the three most common PINs as my starting point, I have a one in five chance of getting yours right. Not bad and probably worth a gamble.

Won't my bank cover me?

Unless your bank can prove you have been grossly negligent with your PIN (sticking it to your credit card, for instance) the general rule is that you will be reimbursed for any financial loss if your card is stolen and your PIN used to extract money.

So, isn’t it simply a case of using the most convenient, easy to remember PIN and - should it get compromised - waiting for the banks to sort it out?

Well, even assuming you are able to reclaim your money, there's quite a kerfuffle involved in the process. Anyone who's gone through it will know that the inconvenience and lost time is enough to deter you from using a weak PIN.

In addition, you may highlight yourself as an easy target – if you did it once, why not again? Don’t bring unwanted attention on yourself just for the sake of four little numbers.

Dave James is managing director of Ascentor, a company which helps businesses manage information risk. You can also follow him on Twitter.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.