Just as there are lists of the most common passwords, there is also a list of the most common PINs. As with passwords, people usually aren't as good at being unique as they think they are. And some people don't even try.
David Harley initially discussed a data set of common PINs compiled by Daniel Amitay in a Virus Bulletin article called Hearing a PIN drop. Let's jump into it.
Top 10 Common PINs
If you use one of these PINs, you need to change it immediately. Here are the top 10:
- 1234 (8884 occurrences)
- 0000 (5246 occurrences)
- 2580 (4753 occurrences)
- 1111 (3262 occurrences)
- 5555 (1774 occurrences)
- 5683 (1425 occurrences)
- 0852 (1221 occurrences)
- 2222 (1139 occurrences)
- 1212 (944 occurrences)
- 1998 (882 occurrences)
Do any of these PINs surprise you? You can see examples of:
- Keyboard patterns
- Identical digits
- Simple patterns
- Significant years
- Dates
- House numbers
Standard Keyboard and Keypad Layouts
If some patterns don't make sense, consider what a keyboard layout looks like on a phone or standard lock keypad.
| 1 (VM) | 2 (abc) | 3 (def) |
| 4 (ghi) | 5 (jkl) | 6 (mno) |
| 7 (pqrs) | 8 (tuv) | 9 (wxyz) |
| * | 0 (Space) | # |
Now, let's look at what a standard numpad on a keyboard looks like.
| 7 Home | 8 ↑ | 9 PgUp |
| 4 ← | 5 | 6 → |
| 1 End | 2 ↓ | 3 PgDn |
| 0 Ins (double-width key) | | . Del |
Starting to make sense, right? Let's also consider the standard numrow above the letters on a keyboard.
| 1 ! | 2 @ | 3 # | 4 $ | 5 % | 6 ^ | 7 & | 8 * | 9 ( | 0 ) |
What PINs Are Mostly Used For
PINs are mainly used for:
- Debit card or chip and PIN credit card purchases.
- ATM sign-in and withdrawals.
- Digital locks, including doors and safes.
- Phone unlock or log in.
- Voicemail login from a cellphone or office phone through direct dial.
- Computer login shortcuts (Windows 10 option, for example).
- Game console logins from a controller.
- Bank or financial service authorization.
- Other support authorizations.
How to Choose a More Secure PIN
If you want a more secure PIN, you should be as unpredictable as possible. Here's what to avoid in choosing PINs:
- Avoid obvious keyboard patterns.
- Avoid standard column usage:
  - First - 1470.
  - Middle - 2580, 0852.
  - Third - 3690.
- Avoid any linear sequences in either direction - 1234, 4321.
- Avoid any single character repeated - 0000, 1111, 2222.
- Avoid short sequences repeated - 1212.
- Don't use dates that are publicly available on social media.
- Don't choose famous mathematical sequences.
  - Pi - 3141 (3142 rounded up).
  - Fibonacci - 0112.
- Avoid number to letter mapping that's obvious - 6453 for Mike if your name is Mike.
Be sure to use a longer PIN where possible - 5 or 6 characters (or more).
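The avoidance rules above, written as a check that a PIN enrollment or PIN change flow could run on a candidate PIN. This is an added example, not code from the original article; the function names, the finding labels and the `personal_words` / `personal_dates` inputs are assumptions, and the denylists hold only values quoted on this page.

```python
# Added example: screen a candidate PIN against the patterns this page lists.
TOP_10 = {"1234", "0000", "2580", "1111", "5555",
          "5683", "0852", "2222", "1212", "1998"}  # from the top 10 list above
COLUMN_WALKS = {"1470", "2580", "3690"}            # keypad columns, top to bottom
MATH_PINS = {"3141", "3142", "0112"}               # pi and Fibonacci examples
# Letter groups from the phone keypad table on this page.
T9 = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
      "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
LETTER_TO_DIGIT = {ch: d for d, group in T9.items() for ch in group}


def word_to_pin(word):
    """Map a word to keypad digits, e.g. 'Mike' -> '6453'; non-letters are dropped."""
    return "".join(LETTER_TO_DIGIT.get(ch, "") for ch in word.lower())


def is_linear(pin):
    """True for runs such as 1234 or 4321 (0 follows 9, as on the number row)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def is_repeated_chunk(pin):
    """True when the PIN is one shorter chunk repeated: 0000, 1212, 123123."""
    return any(len(pin) % k == 0 and pin == pin[:k] * (len(pin) // k)
               for k in range(1, len(pin) // 2 + 1))


def pin_findings(pin, personal_words=(), personal_dates=()):
    """Return the reasons a PIN is predictable; an empty list means none matched."""
    if not (pin.isascii() and pin.isdigit() and len(pin) >= 4):
        raise ValueError("PIN must be at least four digits")
    findings = []
    if pin in TOP_10:
        findings.append("top-10 common PIN")
    if is_repeated_chunk(pin):
        findings.append("repeated digit or short sequence")
    if is_linear(pin):
        findings.append("linear sequence")
    if any(w in pin or w[::-1] in pin for w in COLUMN_WALKS):
        findings.append("keypad column")
    if pin in MATH_PINS:
        findings.append("famous mathematical sequence")
    if any(word_to_pin(w) == pin for w in personal_words):
        findings.append("keypad spelling of a personal word")
    if any(d and d in pin for d in personal_dates):
        findings.append("personal date")
    return findings
```

An empty result only means none of these patterns matched. `personal_dates` takes digit strings in whatever forms should be blocked, such as a birth year or a day and month.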
Ways to Remember Your PIN
Here are a few ways to keep your PIN fresh in your mind:
- Learning by rote (memorization through repetition).
- Remembering by visualizing the keypad patterning.
- Code re-use of either a non-existent PIN or pairing of unrelated unimportant accounts.
- Code with personal meaning, as long as it doesn't produce an easy to guess pattern.
- Numbers paired with letters to prevent easily identifiable PINs.
- Code concealed in a phone number.
Other methods that don't require recalling your PIN:
- Code written down and kept separately from the device.
- Code stored in the mobile phone through a notes app or vault.
- Code written down and kept in proximity, but not visible.
- Code written down but rearranged.
- Similarly to the last point, code notated as a transformation of the code.
Sources
The common PIN list was compiled by Daniel Amitay and comes from a Virus Bulletin article called Hearing a PIN Drop.
If you want to read up on strategies you can use to choose and memorize PINs, look at PIN Holes: Passcode Selection Strategies by David Harley.
