Cybersecurity study reveals the most used 4-digit PIN numbers — and some were truly unexpected

One of the first and most important steps for securing everything from bank accounts to social media handles and emails is setting the right password. One needs to make sure that it's something they can remember, but at the same time, it should not be something obvious like their birth date or any other day significant for them. Despite this, a recent cybersecurity study has found that 1234 remains the world’s most common PIN, alongside other simple, predictable combinations. While PINs are only a small part of the overall cybersecurity cover, they still play a vital role in protecting assets.

Jake Moore, a global cybersecurity expert at ESET, warned that many people still rely on easy pins, making them prime targets for hackers. According to Moore, using personal information like birthdates or familiar number patterns is a widespread but risky habit. Even more concerning is how people tend to stick with the same passcodes for years. A data analysis originally compiled by the late Nick Berry examined 3.4 million PINs and revealed that the majority follow simple sequences or repeating patterns. Following 1234, the second most common PIN is 1111, accounting for six percent of the entries in the study.

The next most popular PINs, which accounted for about 2% of all passcodes, were 0000 and 1212. The PIN combinations 7777, 1004, 2000, 4444, 2222, and 6969 were also on the list. Furthermore, the research indicated that a hacker could crack one-third of the examined PINs with just 61 guesses. Even with only five attempts, they could guess 20% of them. The study also highlighted the least commonly used PINs. It was 8068, which appeared just 25 times out of 3.4 million passcodes, followed by 8093, 8398, 7638, 8428, and 8285.

Research by password manager NordPass also revealed that 70 percent of passwords can be hacked in under a second. Tomas Smalakys, CTO of NordPass, said, "To make matters worse, almost a third (31 percent) of the world's most popular passwords consist of purely numerical sequences. Such passwords can be hacked almost instantly, as hackers use automated systems rather than typing them out." Once hackers gain access to an account, they can steal a person's data and exploit it to carry out targeted attacks on others, as reported by the Daily Mail. Smalakys added, "For example, seemingly minor details such as your full name or birthday can be used to craft more sophisticated and personalized phishing attacks."

The challenge is that while strong, hard-to-guess passwords are crucial, they’re often just as hard to remember. To solve this, experts recommend using a secure, reliable password manager to safely store all your passwords. Moore said, "People put themselves at risk by having weak passwords and PIN codes and often do not fully understand the threat until they are compromised. Password managers offer all the security for when such information cannot always be remembered plus they can help generate completely random codes so you don’t rely on your birthday or anniversary." Meanwhile, along with selecting unpredictable, hard-to-crack PINs, it has also been advised to update the PIN regularly for enhanced security.