Experts Identify the 20 Most Dangerous PIN Codes for Smartphone Security
Security researchers Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth, and Adam J. Aviv conducted a study on how users choose PIN codes for their mobile devices and how they can be encouraged to use more secure number combinations. The study found that six-digit PIN codes are not significantly more secure than four-digit ones.
During the experiment, users of Apple and Android devices were asked to set either four- or six-digit PIN codes. Some participants could freely choose their PIN, while others were only allowed to select combinations not included in a blacklist. If they tried to use a banned combination, they received a warning.
The researchers used various blacklists, including one extracted from iPhones in a separate experiment. Although four-digit PINs allow for 10,000 combinations and six-digit PINs allow for 1 million, users tend to prefer certain combinations, such as 123456 and 654321, and use them much more frequently than others.
According to the experts, an “ideal” PIN code blacklist should contain about 1,000 entries and differ slightly from Apple’s list. The most common four-digit PIN codes were found to be:
- 1234
- 0000
- 2580
- 1111
- 5555
- 5683
- 0852
- 2222
- 1212
- 1998
The most common six-digit PIN codes were:
- 123456
- 654321
- 111111
- 000000
- 123123
- 666666
- 121212
- 112233
- 789456
- 159753
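An enrollment-time check modeled on the experiment described above, as an added example that is not code from the study or from any phone vendor. It uses the 20 PINs listed here as the blacklist; the structural rules (repeated digit, run, repeated block, year-like) and all function names are assumptions of this example.

```python
import re

# The 20 PINs listed above (10 four-digit, 10 six-digit).
COMMON_PINS = frozenset("""
    1234 0000 2580 1111 5555 5683 0852 2222 1212 1998
    123456 654321 111111 000000 123123 666666 121212 112233 789456 159753
""".split())


def weak_pin_reasons(pin, blacklist=COMMON_PINS):
    """Return the reasons a PIN should trigger a warning (empty list = accept)."""
    if not re.fullmatch(r"[0-9]{4}|[0-9]{6}", pin):
        raise ValueError("PIN must be exactly 4 or 6 ASCII digits")
    reasons = ["blacklisted"] if pin in blacklist else []
    # Structural rules: assumptions of this example, not the study's blacklist.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps == {0}:
        reasons.append("single repeated digit")
    elif steps in ({1}, {9}):
        reasons.append("ascending or descending run")
    elif re.fullmatch(r"([0-9]{2,3})\1+", pin):
        reasons.append("repeated block")
    elif re.fullmatch(r"(19|20)[0-9]{2}", pin):
        reasons.append("year-like")
    return reasons


def enroll(attempts, blacklist=COMMON_PINS):
    """Replay a user's successive choices: warn on weak ones, accept the first
    that passes. Returns (accepted PIN or None, [(rejected PIN, reasons), ...])."""
    warnings = []
    for pin in attempts:
        reasons = weak_pin_reasons(pin, blacklist)
        if not reasons:
            return pin, warnings
        warnings.append((pin, reasons))
    return None, warnings


if __name__ == "__main__":
    # Constructed sequence of choices by one hypothetical user.
    accepted, warned = enroll(["1234", "4321", "7777", "2020", "7294"])
    for pin, reasons in warned:
        print(f"warning: {pin} rejected ({', '.join(reasons)})")
    print("accepted:", accepted)
```

PINs such as 5683, 789456 and 159753 match none of the structural rules and are caught only by the explicit list, which is why a pattern check alone does not replace a blacklist.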
The researchers plan to present their findings at the IEEE Symposium on Security & Privacy in San Francisco, USA, in May 2020.