PIN Security Guide
When a service limits you to a numerical PIN, choosing a random one matters. Research analysing millions of leaked PINs from data breaches shows that people consistently pick predictable patterns. This guide explains which PINs to avoid and how to choose safer ones.
Most common PIN patterns to avoid
Studies of millions of PINs reveal that certain patterns appear far more often than others. Attackers who know these patterns will try them first. The table below summarises the riskiest patterns—avoid all of them.
| Pattern type | Examples | Why it is weak |
|---|---|---|
| All same digit (duplicates) | 0000, 1111, 2222, 9999 | Only 10 possible combinations. One of the first patterns attackers try. |
| Same two pairs | 0011, 2233, 1212, 6969 | People reuse the same two digits. Easily guessable and very common in breach data. |
| Triplicates or repeated groups | 0001, 1222, 223344, 112233 | Repeating groups (e.g. 22-33-44) are memorable but also highly predictable. |
| Sequences (ascending) | 1234, 0123, 2345, 6789 | Among the most common PINs. Often in the top 5 of every breach dataset. |
| Sequences (descending) | 4321, 9876, 3210 | Same problem as ascending. Slightly less common but still very guessable. |
| Birth dates (MM/DD or DD/MM) | 0101 (1 Jan), 1225 (25 Dec), 3103 (31 Mar) | Dates are easy to remember but attackers can guess common dates (New Year, Christmas, etc.) or try dates from social media. |
| Birth years | 1985, 1992, 2000, 1975 | Years from the last 100–150 years are extremely common. If an attacker knows your approximate age, they can narrow it down further. |
| Keyboard patterns | 2580 (straight down), 1470, 3690 | Vertical or diagonal lines on a keypad are easy to type and easy to guess. |
| Cultural or lucky numbers | 7777, 8888, 1701 (Star Trek), 1337 | Pop culture references and “lucky” numbers appear in breach data more often than truly random PINs. |
How to choose a safer PIN
- Use letters where possible. If your phone, laptop, or app offers an alphanumeric passcode, enable it. Mixing letters and digits increases the number of combinations dramatically.
- Use a generator. Our PIN generator creates random numerical PINs. For 4-digit PINs, it avoids values that look like birth years or weak patterns.
- Longer is better. If the service allows 6 or 8 digits, use them. A 6-digit PIN has 100 times more combinations than a 4-digit one.
- No personal links. Avoid anything tied to you: birth date, anniversary, year, house number, or phone digits.
- No obvious patterns. Skip sequences, repeated digits, and keyboard runs.
Why birth years are especially risky
Analysis of millions of PINs shows a strong band of common PINs in the 19xx and 20xx range—birth years. An attacker who knows or estimates your age can try a small set of years. Even without that, years from the last 150 years are among the first values automated attacks will try. For 4-digit PINs, we recommend avoiding anything that could be a year.
When a PIN is your only option
Some systems (e.g. ATM cards, phone locks, building access) only allow numerical PINs. Where you can, use 6 or more digits. Where 4 digits are mandatory, pick something that is not in the table above. A random 4-digit PIN from our generator—one that is not a year, date, sequence, or repeat—is a much safer choice.
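The table's pattern checks combined with a random draw that rejects any match, written out as an added Python example (this is not the site's generator code). The function names, the 19xx/20xx year test, the reversed keypad lines and counting 7890 as a run are assumptions of this example.

```python
import secrets

DAYS_IN_MONTH = [31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]  # 29 Feb counts
KEYPAD_LINES = {"2580", "0852", "1470", "0741", "3690", "0963"}  # table rows + reverses
CULTURAL = {"1701", "1337"}  # from the table; extend with your own list

def _is_date(month: int, day: int) -> bool:
    return 1 <= month <= 12 and 1 <= day <= DAYS_IN_MONTH[month - 1]

def weak_reasons(pin: str) -> list[str]:
    """Return the table's pattern types that a 4-digit PIN matches."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("expected exactly four digits")
    digits = [int(c) for c in pin]
    # Step between neighbouring digits, modulo 10 so 7890 counts as a run
    # (wrap-around through 0 is an assumption of this example).
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    first, second = int(pin[:2]), int(pin[2:])
    reasons = []
    if len(set(pin)) == 1:
        reasons.append("all same digit")
    elif max(pin.count(c) for c in pin) == 3:
        reasons.append("triplicate")
    elif pin[:2] == pin[2:] or (pin[0] == pin[1] and pin[2] == pin[3]):
        reasons.append("same two pairs")
    if steps == {1}:
        reasons.append("ascending sequence")
    if steps == {9}:
        reasons.append("descending sequence")
    if _is_date(first, second) or _is_date(second, first):  # MMDD or DDMM
        reasons.append("date")
    if pin[:2] in ("19", "20"):  # the 19xx / 20xx birth-year band
        reasons.append("year")
    if pin in KEYPAD_LINES:
        reasons.append("keypad line")
    if pin in CULTURAL:
        reasons.append("cultural number")
    return reasons

def generate_pin() -> str:
    """Draw uniformly from the PINs that match none of the patterns."""
    while True:
        pin = f"{secrets.randbelow(10_000):04d}"  # CSPRNG, keeps leading zeros
        if not weak_reasons(pin):
            return pin
```

A PIN can match more than one row: 1701 is both a cultural number and 17 January, and 1111 is both a repeated digit and 11 November.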