Change Your PIN Code Now If It’s On This List

Posted by Davey Winder, Senior Contributor | 2 weeks ago


Update, May 26, 2025: This story, originally published May 24, has been updated with a brief history of PIN codes, information regarding the most secure codes you can use and why 8068 really isn’t the safest number despite the claims of some security experts. It also now contains a list of passwords that must be avoided at all costs.

Passwords are under attack, that’s a given, whether it’s from initial access malware looking to open up networks for ransomware attacks, public databases containing hundreds of millions of stolen plaintext credentials, or state-sponsored threat actors with spying on their minds. Nobody can say they are unaware of the dangers of weak or reused passwords, but what about your PIN code? Yes, those four digits that are used when unlocking your smartphone and all the valuable data it provides instant access to. OK, so you might argue that you use your fingerprint or face to unlock your Android or iPhone, which is fair enough, apart from when there’s been an update, reset, or something goes wrong and you have to resort to your PIN after all. What if there were a list of 50 PIN codes that should, under no circumstances, be used? Read on.


Do Not Use These 50 PIN codes

PIN codes are not, let’s face it, the most secure means of restricting access to your valuable smartphone. Yet they are used to lock your SIM card and the device itself. They underpin, if you’ll excuse the pun, the biometrics that you rely upon to gain quick and safe access to your iPhone or Android when you are out and about, and are required under certain circumstances, whether you have fingerprint or facial recognition enabled or not. I mean, do the math, and you’ll learn that a four-digit PIN “only” requires 10,000 attempts at the most in order to crack it, if you include 0000 and 9999. That’s still a lot of faffing around, of course, and there are far easier and much quicker ways to crack certain PIN codes. And that, dear reader, is where the danger list comes in.

When it comes to advice about choosing a PIN code for your smartphone, if you want to prevent friends and family, even work colleagues, from being able to take a quick look at your stuff when you pop to the toilet without it, it’s best to avoid birthdays and anniversaries. That’s another given. But what if they could have a really good chance of cracking what appears, to you and many others at least, like a random code that has no obvious personal connection?


An analysis of more than 29 million PIN codes that turned up in data breach lists discovered that one in ten people used the same four numbers. That analysis produced a list of the top 50 PIN codes found, and as such, these are the ones used by most people and so the ones to avoid. After all, if I can find this list, so can smartphone thieves.

Here’s the list of 50 PIN codes you should never use.

  1. 0000
  2. 1010
  3. 1111
  4. 1122
  5. 1212
  6. 1234
  7. 1313
  8. 1342
  9. 1973
  10. 1974
  11. 1975
  12. 1976
  13. 1977
  14. 1978
  15. 1979
  16. 1980
  17. 1981
  18. 1982
  19. 1983
  20. 1984
  21. 1985
  22. 1986
  23. 1987
  24. 1988
  25. 1989
  26. 1990
  27. 1991
  28. 1992
  29. 1993
  30. 1994
  31. 1995
  32. 1996
  33. 1998
  34. 2000
  35. 2002
  36. 2004
  37. 2005
  38. 2020
  39. 2222
  40. 2468
  41. 2580
  42. 3333
  43. 4321
  44. 4444
  45. 5555
  46. 6666
  47. 6969
  48. 7777
  49. 8888
  50. 9999

I sorted the list into numerical order to make it easier to check to see if you were using a dangerous PIN, but here are the top ten by most-used code numbers:

  1. 1234
  2. 1111
  3. 0000
  4. 1342
  5. 1212
  6. 2222
  7. 4444
  8. 1122
  9. 1986
  10. 2020


A Brief History Of The PIN Code

The invention of the Personal Identification Number is most commonly attributed to James Goodfellow, who patented the technology alongside his other hugely influential creation, the Automated Teller Machine, in 1966. The first ATM in use was installed in London by Barclays Bank in 1967, while the first PIN code security measure for bank cards had to wait until 1972 when Lloyds Bank introduced them with information-encoding magnetic strips and a PIN code for added security. The history of the PIN in security gets a little complicated, as there was another patent, in 1972, filed by Mohamed M. Atalla for a PIN verification system using a hardware security module. The so-called Atalla Box, which was launched commercially in 1973 as a product called the Identikey, was the first card reader ID system with a PIN that would go on to replace the need for signatures. For this reason, and somewhat confusingly, Atalla is often referred to as the father of the PIN.

Not Just PIN Codes – Add These Passwords To The Never Use List

It would be remiss of me not to share details of the password lists you need to check your credentials against, as a matter of some urgency, as well as the already mentioned PIN codes. A combination of research into the most commonly used passwords that have been found in data breach databases for personal and enterprise use, as well as being analyzed on a geographical basis, has produced a list of dangerous passwords to avoid. I have further combined these lists here for ease of accessibility, but head for the original article to get the full picture.

  1. 000000
  2. 111111
  3. 11111111
  4. 121212
  5. 123123
  6. 12345
  7. 123456
  8. 1234567
  9. 12345678
  10. 123456789
  11. 1234567890
  12. 555666
  13. aaron431
  14. abc123
  15. abcd1234
  16. ABCDEF
  17. admin
  18. charlie
  19. dragon
  20. iloveyou
  21. lemonfish
  22. liverpool
  23. monkey
  24. password
  25. password1
  26. qwerty
  27. qwerty1
  28. qwerty123
  29. secret
  30. tangkai
  31. user0123
  32. welcome
  33. woaini

What Are The Most Secure PIN Codes To Use In 2025?

Let’s start by saying that 2025 certainly isn’t on my list of safest PIN codes as it breaks the “don’t use a date” golden rule. If we discount not only using the same four digits, which the dangerous list has proven to be a big no-no, but also repeating any digits at all, at least when it comes to a four-digit PIN code, and more on that in a moment, then the choices start to narrow somewhat. The number of permutations where the digits do not repeat within the code itself is 5040 if Professor Google and a calculator have not let me down. This allows for both 0123 and 0321 to be different codes, as no digits repeat within each separate PIN. That has already all but halved the number of codes available to choose from, a good start.

Back in 2012, a study of stolen credentials determined that the least popular, and so by definition the safest, PIN code was 8068. To this very day I have seen this still being quoted as a fact, or at least a statistical fact, but, of course, wearing my hacker hat I can tell you that’s very wrong indeed. As soon as 8068 was named online, it became anything but safe. As soon as you could Google “what’s the safest PIN code” and get 8068 returned, it became a very weak number instead. The same applies to the other numbers noted in the study, 6835, 7637, 8093, and 9629.

So, what are the most secure PIN codes to use in 2025? Random is always best, unless you are choosing from a very small base pool to begin with, as is the case with four-digit PIN numbers. The answer to the question, therefore, is to increase the pool and increase the odds in your favor. To do this, simply stop using four-digit PINs altogether and start using six-digit ones, or better yet in my never humble opinion, ten-digit ones. Interestingly, there’s an international standard for PIN code management in financial services, ISO 9564-1, and this allows for PINs of up to 12 digits. However, it recommends six as being the longest deployment for reasons of usability. This is why many online services and apps require a six-digit PIN as a backup user verification method rather than the more common four-digit ones we see employed on lock screens. The longer it is, the harder it is to guess, assuming that the same basic principles of PIN code construction apply.

To do this, opt to use a password instead of a PIN number to lock your phone, and just employ numbers instead of characters. You can then have a custom-made PIN code that is both much harder to guess or crack, while remaining easy enough to remember. My smartphones are protected by ten-digit PINs using just this method and I have never looked back.
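
The selection rules from this section, written as a PIN enrollment check (an added example, not code from the article). The deny-lists are copied from this page; the `check_pin` and `four_digit_pool` names, the `min_len` parameter and the 1900-2099 "year" range are assumptions made for illustration.

```python
from itertools import product

# The 50 four-digit PINs listed on this page.
TOP_50 = set((
    "0000 1010 1111 1122 1212 1234 1313 1342 1973 1974 1975 1976 1977 1978 "
    "1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 "
    "1993 1994 1995 1996 1998 2000 2002 2004 2005 2020 2222 2468 2580 3333 "
    "4321 4444 5555 6666 6969 7777 8888 9999").split())
# All-digit entries from the page's password list (relevant to longer PINs).
NUMERIC_PASSWORDS = set((
    "000000 111111 11111111 121212 123123 12345 123456 1234567 12345678 "
    "123456789 1234567890 555666").split())
# PINs the 2012 study named as least popular; the article treats them as weak now.
PUBLICISED = {"8068", "6835", "7637", "8093", "9629"}


def check_pin(pin: str, min_len: int = 4) -> list[str]:
    """Return the reasons to reject a candidate PIN; an empty list means accept."""
    if not (pin.isascii() and pin.isdigit()):
        return ["not numeric"]
    reasons = []
    if len(pin) < min_len:
        reasons.append(f"shorter than {min_len} digits")
    if pin in TOP_50 or pin in NUMERIC_PASSWORDS:
        reasons.append("on a never-use list")
    if pin in PUBLICISED:
        reasons.append("publicised as a 'safest' PIN")
    if len(pin) == 4:
        # The article's no-repeat rule is stated for four-digit PINs only.
        if len(set(pin)) < 4:
            reasons.append("repeats a digit")
        # Assumption: treat 1900-2099 as "looks like a year".
        if 1900 <= int(pin) <= 2099:
            reasons.append("looks like a year")
    return reasons


def four_digit_pool() -> tuple[int, int, int]:
    """Count all four-digit PINs, those with no repeated digit, and those accepted."""
    pins = ["".join(p) for p in product("0123456789", repeat=4)]
    no_repeat = sum(len(set(p)) == 4 for p in pins)
    accepted = sum(not check_pin(p) for p in pins)
    return len(pins), no_repeat, accepted


if __name__ == "__main__":
    print(four_digit_pool())              # (10000, 5040, 4921)
    print(check_pin("1986"))
    print(check_pin("7305", min_len=6))
```

With every rule applied, 4,921 of the 10,000 four-digit codes remain, so the pool stays small however carefully the code is chosen; raising `min_len` is the change that actually enlarges it.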
