What PIN is considered to be the most commonly used PIN?

PIN code lengths of five, seven, or eight+ digits are indeed good because they're nonstandard, which will combat PIN recycling. Any other justification seems to fall short.

PINs should always be implemented with a limited number of attempts allowed, banning automated PIN entry. The iPhone, for example, can be configured to wipe itself if you fail to enter your PIN ten times between unlocks. Banks will lock your account after a certain number of attempts. This isn't always the case, but I consider it necessary to counteract the ridiculously weak security PINs provide.

We're talking about trivial offline or automated cracking:

digits  combos  entropy (bits)  crack time
4       10k     13              0s
5       100k    16              0s
6       1m      20              2s
7       10m     23              17s
8       100m    26              3m
9       1b      30              28m
10      10b     33              5h
11      100b    36              2d

For a properly secure digital code, you'd need 14 digits for an offline crack time to exceed a year, and that's assuming something robust like PBKDF2 (this chart assumes PBKDF2 with a speed of 300k guesses/sec) rather than the vastly more likely plaintext code storage.

To this question's point, making it harder to map codes is better, as people so often conflate "random", "arbitrary", and "obscure", then fail spectacularly at estimating what is or is not obscure.

PINs with five or seven digits may avoid current patterns with four or six digits, but as kenlukas's answer points out, this will simply shift what people choose in their bad attempts at obscurity, such as postal codes or dates. There are 75% odds of a date that fits mddyy (or ddmyy) since there are only three months that miss (365 minus the days in October, November, and December is 273, 273/365 = 75%). Increase that to allow mmdyy/dmmyy and single-digit years between 2000-2009 and it gets worse.

An attacker can guess a ZIP code, for example, by using its ordered structure; if you're from a rural state or large metropolitan area, your ZIP code can be guessed in a few guesses because all codes in the area are similar. ZIP codes are therefore extremely insecure. At least with a mmdd code, there are 365.25 possibilities, though attackers will start with your and your loved ones' birthdays and anniversaries.

For dates, a six-digit code's 1000000 possibilities get reduced to 36525 and a birthdate can be narrowed to 1826 assuming you can guess the person's age within a five-year span. (Five-digit variations actually introduce complexity here, but it's not much.)

Seven-digit PINs will bring in the possibility of childhood phone numbers, which are at least harder for an attacker to socially engineer (especially for retired numbers).

Still, more is always better, so moving a requirement from four to five is great, but you might as well go to six. Aspire to longer codes barring compatibility concerns (I remember a conversation in 2002 in which a friend couldn't use their bank card in Europe because that bank didn't support six-digit PINs).

I'm hoping PINs fade away thanks to 2FA solutions like TOTP and HOTP, but I expect that transition to be slow and legacy support will continue for another decade or two.
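The figures in the answer above can be checked with a short calculation. This is an added example, not part of the original answer; it assumes the chart's crack times are averages (half the keyspace searched at 300k guesses/sec), and the year windows 1925-2024 and 1990-1994 are constructed samples.

```python
import math
from datetime import date, timedelta

GUESSES_PER_SEC = 300_000          # PBKDF2 guess rate the chart assumes
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def avg_crack_seconds(digits: int, rate: int = GUESSES_PER_SEC) -> float:
    """Average offline search time (assumption: half the keyspace is tried)."""
    return 10 ** digits / 2 / rate


def min_digits_exceeding(seconds: float) -> int:
    """Smallest PIN length whose average crack time exceeds `seconds`."""
    digits = 1
    while avg_crack_seconds(digits) <= seconds:
        digits += 1
    return digits


def date_pins(first_year: int, last_year: int, fmt: str = "%m%d%y") -> set:
    """Every distinct PIN produced by formatting each date in the year range."""
    day, pins = date(first_year, 1, 1), set()
    while day.year <= last_year:
        pins.add(day.strftime(fmt))
        day += timedelta(days=1)
    return pins


def single_digit_month_share(year: int = 2023) -> float:
    """Fraction of a year's dates that fit five digits as mddyy (months 1-9)."""
    days = [date(year, 1, 1) + timedelta(days=i) for i in range(365)]
    return sum(d.month <= 9 for d in days) / len(days)


if __name__ == "__main__":
    for n in range(4, 12):
        print(f"{n:>2} digits  {math.log2(10 ** n):5.1f} bits  {avg_crack_seconds(n):12.1f} s")
    print("digits for > 1 year:", min_digits_exceeding(SECONDS_PER_YEAR))
    century = date_pins(1925, 2024)      # constructed 100-year window
    five_years = date_pins(1990, 1994)   # constructed five-year window
    print(len(century), f"{math.log2(len(century)):.1f} bits")
    print(len(five_years), f"{math.log2(len(five_years)):.1f} bits")
    print(f"mddyy share: {single_digit_month_share():.0%}")
```

The entropy lines show that a date-shaped six-digit code carries fewer bits than a random five-digit one, which is the practical cost of picking a date.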

Learn how to protect your prime numbers.

How easy would it be for someone to guess your PIN—you know, the four-digit number you use at ATMs and when you make a purchase with a debit card? Researchers at the data-analysis firm DataGenetics scrutinized a database of 3.4 million stolen passwords and uncovered some startling statistics.

How safe is your PIN really?

Imagine, for example, that a hacker’s odds of randomly guessing the correct number are one in 10,000. If he has three tries, the odds increase to one in 3,333. If your PIN is your birth date, a year in the 1900s, or an obvious numerical sequence, the odds go way up.

A common PIN is a guessable PIN

The DataGenetics group found that the three most popular combinations—1234, 1111, and 0000—account for close to 20 percent of all four-digit passwords. Every four-digit combination that starts with 19 ranks above the 80th percentile in popularity. Month/day combinations—those in which the first two digits are between 01 and 12 and the last two are between 01 and 31—are also popular. So choosing your birthday or your birth year makes your password significantly easier to guess.

Safety in randomness

But there is some hope. For instance, the least popular combination, 8068, appears less than 0.001 percent of the time. Probably because it’s so random—it follows no discernible pattern such as a date or repetition of numbers.

“Statistically, 8068 is the safest PIN,” says Tyler Moffitt, senior threat research analyst at Webroot. “Other good numbers are 7637, 6835, and 9629. But that’s mainly because they follow no pattern, isn’t a date, or repetition of numbers, or the column of the keypad (2580).”

DataGenetics discovered that the combination 2580 was the 22nd-most-popular PIN (most likely because those four numbers appear in a single column from top to bottom on a phone or ATM keypad), that people prefer even numbers to odd (2468 ranks higher than 1357), and that far more passwords start with 1 than any other number.
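A service that lets users choose a PIN can reject these patterns at enrolment. The check below is an added example, not code from DataGenetics or the article; the function names and reason labels are hypothetical, and the rules cover only the patterns named on this page.

```python
import re

# Most common four-digit PINs as listed on this page.
COMMON_PINS = {"1234", "0000", "2580", "1111", "5555"}
# Centre column of a phone/ATM keypad, top-to-bottom and reversed.
KEYPAD_COLUMN = {"2580", "0852"}


def weak_pin_reasons(pin: str) -> list:
    """Return the reasons a four-digit PIN should be rejected at enrolment."""
    if not re.fullmatch(r"\d{4}", pin):
        raise ValueError("expected exactly four digits")
    reasons = []
    if pin in COMMON_PINS:
        reasons.append("common")
    if pin in KEYPAD_COLUMN:
        reasons.append("keypad-column")
    # A PIN built from a repeated unit (1111, 1212) occurs inside its own doubling.
    if pin in (pin + pin)[1:-1]:
        reasons.append("repetition")
    # Constant non-zero step between digits: 1234, 4321, 2468, 1357.
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if len(steps) == 1 and 0 not in steps:
        reasons.append("sequence")
    if pin.startswith("19"):
        reasons.append("year-19xx")
    # Month/day shape as described above: 01-12 followed by 01-31.
    if 1 <= int(pin[:2]) <= 12 and 1 <= int(pin[2:]) <= 31:
        reasons.append("month-day")
    return reasons


def is_acceptable(pin: str) -> bool:
    """True when none of the weak-pattern rules match."""
    return not weak_pin_reasons(pin)


if __name__ == "__main__":
    # Constructed sample inputs covering each rule plus PINs the article calls safe.
    for sample in ["1234", "1111", "2580", "1987", "0704", "2468", "8068", "7637"]:
        print(sample, weak_pin_reasons(sample) or "ok")
```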

So what can you do?

Unfortunately, because you (and other readers) now know the safest PIN out there, you might want to consider something else. Reader’s Digest turned to cybersecurity analyst Jamie Cambell, PhD, and Director of Content at Security Baron, Gabe Turner, for their advice. Here are some savvy suggestions:

  • Pick obscure dates like when you had your first kiss or the time you were born.
  • Go with a birthday of a close friend, the date of your favorite holiday, or the current time.

Whichever password you go with, change your PIN periodically, especially when you hear about a data breach. “With most banks, you can change the card’s PIN right at the ATM, by selecting ‘Other Options’ or something similar to that. Just be sure to use the same precautions noted above when typing in the new PIN,” says Jason Glassberg, co-founder of Casaba Security.

What is the most common PIN?

By the way, the most common four-digit PINs according to the study are: 1234, 0000, 2580, 1111 and 5555 – 2580 is there because it is a vertical column on a numeric keypad.

What is the most commonly used ATM PIN number?

Berry reports that 10.713 percent of ATM users in his analysis chose “1234,” while 6.016 percent of users chose the similarly basic “1111.” Obviously, these numbers are predictable and easy for thieves to guess.

What is the best password PIN?

An 8- or 12-digit PIN is more secure than a traditional 4-digit number, but it's also harder to remember, unless it is already in your memory.