PIN trust

# Your phone's PIN code is probably so bad anyone could guess it, study finds

People are really bad at creating pin codes, and a new study looks at how we could fix this problem.

Shutterstock

If you have an Apple or an Android phone—and you probably do—you have the option of locking your phone using a PIN code. With most of these phones, you can choose a four-digit PIN or a six-digit PIN. Though a six-digit PIN should be more secure, since there are more possible number combinations, it turns out it really isn't because we're so predictable with how we choose our PINs.

According to a team of researchers from Germany and America, a four-digit PIN has 10,000 possible combinations, while a six-digit PIN has around a million. Fortunately for thieves and snooping lovers, we're so bad at making unique PINs that we don't benefit from the fact a six-digit PIN has so many more possible combinations.

Philipp Markert, a researcher at the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum, said in a statement that there are common PINs lots of people use, which causes the difference between four digits and six to be negligible.

"Mathematically speaking, there is a huge difference, of course," Markert said. "However, users prefer certain combinations; some PINs are used more frequently, for example, 123456 and 654321."

The researchers compiled a list of the most commonly used PINs. One that might seem odd when you're reading but makes sense when you're looking at your phone is 2580, which is popular because it starts at 2 and then goes straight down the middle of the phone. Obviously, 0852 is the opposite of that.

Common PINs:
The ten most popular four-digit PINs are: 1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212, 1998
The ten most popular six-digit PINs are: 123456, 654321, 111111, 000000, 123123, 666666, 121212, 112233, 789456, 159753

The researchers found most PINs are safe enough because phones typically lock after a number of wrong guesses. However, if your PIN is one of the ones above or your PIN is your birthday and the person trying to unlock your phone knows you, then there's a good chance they could get in.

An iPhone warns you when you've chosen a commonly used PIN because Apple has a "blacklist" of 274 common number combinations, but it doesn't stop you from using the PIN. The researchers argue the blacklist should include around 1,000 combinations.

The researchers also found that PIN codes are significantly more secure than locking your phone with a pattern lock. Phone security experts usually recommend PIN codes as the smart way to lock your phone, but you just need the numbers to be random so they'll be extremely difficult to guess.