In an ideal world, PINs would follow a uniform distribution - that is, people would use totally randomly assigned PINs - but of course, people don't do that. In fact, interesting patterns emerge when looking at PINs in the real world. One of the more interesting graphs from the PIN analysis:
This chart shows a couple of interesting things:
- Numbers starting with 19xx are among the most popular PINs - almost certainly because people are using birth years or anniversaries as their PINs. Don't do this - it's very easy to find out the birthdays or anniversaries of yourself or your immediate family.
- The most frequently used PINs are used a lot - one third of all PINs could be guessed by trying only 61 distinct combinations (many of which start with 19xx), and 50% of all PINs could be guessed with only 426 combinations (far different from the 5,000 guesses it would take if PINs were randomly distributed).
If you need to improve your PIN security, you can just use the random PIN generated by the bank when you sign up for a bank account, or you can use PWGen (see my previous post on security) to generate a random PIN yourself - just double-check it to make sure the PWGen program doesn't generate a random PIN that is one of the very popular PINs below.