
Published April 14, 2016.

Creating a PIN that's hard to crack.

Many four-digit passwords are painfully obvious. Use these tips to protect your accounts.

There are 10,000 possible four-digit PINs, or personal identification numbers.

Yet, in an analysis of 3.4 million four-digit passwords, a data scientist found that one combination was used nearly 11 percent of the time: 1234.

"It's staggering how popular this password appears to be," Nick Berry wrote in a blog posting for DataGenetics, a Seattle company that does data analysis and technology consulting.

In his 2013 analysis, Berry found that if a thief tried the five most popular PINs, he'd find a match 20 percent of the time. That rose to 27 percent if he tried the 20 most popular number combinations.

What not to do.

Ignoring those top-20 PINs is one way to protect your PIN-protected cards, in case they're lost or stolen. Berry offered other tips, as well:

  • Don't use a year, such as the year of your wedding or a family member's birth. Four-digit numbers that start with 19 were among the top one-fifth of popular PINs. Among the most popular was 1984, the title of George Orwell's classic novel.
  • Don't go down the center of the telephone keypad. The 22nd most popular PIN was 2580.
  • Ignore pop culture. For instance, 0007 and 0070 were both common PINs - likely thanks to secret agent 007, James Bond.
  • Don't use 8068. This random number used to be the least-common PIN. But once word got out, it got more popular.

The 20 most common PINs, identified in the 2013 analysis:

1234, 1111, 0000, 1212, 7777
1004, 2000, 4444, 2222, 6969
9999, 3333, 5555, 6666, 1122
1313, 8888, 4321, 2001, 1010
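
A PIN-selection screen can apply these tips automatically. The following Python is an added example, not code from STCU or DataGenetics; the function names are hypothetical, and the denylist holds only the PINs named in this article.

```python
import secrets

# The 20 most common PINs listed in the article (2013 analysis).
TOP_20 = frozenset("""
1234 1111 0000 1212 7777 1004 2000 4444 2222 6969
9999 3333 5555 6666 1122 1313 8888 4321 2001 1010
""".split())

# Other PINs the article singles out, with the reason it gives.
NAMED = {
    "1984": "popular year / novel title",
    "2580": "straight down the center of the keypad",
    "0007": "pop culture (007)",
    "0070": "pop culture (007)",
    "8068": "formerly least common, now publicized",
}


def pin_problems(pin: str) -> list[str]:
    """Return the reasons a PIN is weak under the article's tips ([] if none)."""
    # Reject anything that is not exactly four ASCII digits.
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        return ["not exactly four digits"]
    problems = []
    if pin in TOP_20:
        problems.append("in the 20 most common PINs")
    if pin.startswith("19"):
        problems.append("looks like a year (starts with 19)")
    if pin in NAMED:
        problems.append(NAMED[pin])
    return problems


def random_pin() -> str:
    """Draw a uniformly random PIN, retrying until it passes every check."""
    while True:
        pin = f"{secrets.randbelow(10_000):04d}"
        if not pin_problems(pin):
            return pin
```
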

What to do

How do you select a PIN that's both random and easy to remember? You'll need a system.

Is your favorite car a '67 Camaro Z28? Did you run Bloomsday in 59:31? Was your daughter born at 10:13? If so, then you probably could remember a PIN that's 6728, 5931 or 1013. Or you could take four digits from a childhood address or your aunt's old phone number. You could combine the days of the month when family members were born. The possibilities are endless.

Keep your secret

However you select your PIN, don't tell it to anyone, warns Jim Fuher, fraud prevention manager at STCU. A large majority of PIN-fraud cases are "friendly fraud," meaning the account holder is victimized by a friend or family member. Finally, don't write down your PIN, especially on your debit card. Doing so gives direct access to your accounts if your card ever turns up in the wrong hands. Instead, if you can't trust your memory, create a fictitious name in your phone's contact list, and include your PIN within the fake phone number.

Just don't list it under James Bond.
