David Papp Blog

4-Digit Codes

It is unfortunate that many organizations have instituted basic 4-digit codes to be used for a variety of security applications:

  • bank and credit card pins
  • luggage tags
  • garage door opener
  • home keyless locks
  • safes
  • briefcases
  • padlocks

Almost everyone uses some form of their birthdate, combination of their birthdate (month, year), or other family members.

Interesting I read recently that the top ten 4 digit codes are:

  1. 1234
  2. 0000
  3. 2500
  4. 1111
  5. 5555
  6. 5683
  7. 0852
  8. 2222
  9. 1998

It is estimated that the above 10 codes represent 15% of all user codes being used. Even worse is that once you know someone’s user code, they tend to use it everywhere, even for email accounts and computer passwords.

Certainly 4-digit codes have limited variations, but if you must use only 4-digits, please try and make the deterent a bit more difficult to overcome. Shake things up and use different codes in different places. And most of all, don’t be part of the 15%!

Are you guilty as well?

19 thoughts on “4-Digit Codes”

  1. You have to be pretty dense or trusting of people to use a straight digit code as your password. There are limitations to what you can do with 4 digit codes, but using the same number is just careless. I wish these companies would allow for greater flexibility in authorization codes, as I don’t think accounts would be compromised or at risk as much.

    • What’s funny is that there are other companies that do allow for greater flexibility with passwords but people still use the easiest thing they can remember. I know people who use password as password, how lazy is that?

  2. I totally agree with you. But people should be smart enough to know that obvious and silly passwords provide almost no protection at all.

  3. I’m ashamed to say I’m guilty. It’s not something evident though but I know people who use their birth year as a 4 pin on important accounts. Now, given how people would give their birth info easily to some websites, it’s scary to think if someone gets this information and uses it fraudulently.

  4. I always thought the 4-digit codes were very limiting and so I have tried my best to come up with numbers combination that weren’t too obvious. I never used birth dates. Looking through the list, I am glad to see that none of my codes made the list.

    But I must say I am surprised by the obviousness of the codes — 1234, especially. That’s kind of like people using “password” as their password. A terrible choice!

    I do hope the 4-digit codes will be eliminated sooner rather than later, especially for banking. For better security I would think codes should be at least 6 to 8 digits in length.

  5. I am really hoping that 4-digit codes are removed from many programs and appliances around the internet and household. Many user generated pass codes are just very easy to guess like 1234 or 0000. People need to learn to make a code more hard to guess and not simple. If passwords were to be extended than you would not have to worry about theft through random accounts of break ins.

  6. Yeah 4 digit codes can be a problem if found out because people do tend to use them for everything. That’s why I’m definitely hoping that the rumors are true and that the next IPhone will indeed a fingerprint scanner to replace having to input a 4 digit code to unlock a phone.

  7. Phew! I feel relieved that none of my 4 digit codes is among the listed. It is not too original, but it is not a part of my ID number either XD Anyway, it is harder to come up with hard to guess cide with only for numbers to work with. And I think the problem is not that much with the possible combinations but with the way our mind works.

  8. No I’m not guilty because my 4 digit code is… Hahaha just kidding. I always change my codes to the point that I forget what they are. It’s not safe to use birthdays and phone numbers so I just write everything down. I put the list in an unlikely place at home where even family members can’t find them. They are written in a line without spaces and I’m the only one who knows where the spaces are supposed to go.

    • I use a notepad application on my phone and then encrypt it just so that my security details are still protected if ever it gets stolen. That said, it’s kind of hard to keep tabs on different passwords so that helps me loads.

  9. Most of my employers have also used 4 digit passwords. But they were not the string of numbers that you posted above as the most common 4 digit codes, thankfully. I would say that a 6 digit sequence of numbers would be ideal. We can remember 7 digit combinations like phone numbers but struggle with 8 numbers in a row. 6 seems to be the best number of digits that provides more extensive security but is also easily remembered.

    • Because of this, I tend to pick the banks that offer 6 digit security instead of the usual 4 digit ones locally. I can mix it up and I do also encourage my parents to get creative with their passcodes instead of the usual ones seen here.

  10. There are people who are capable of hacking accounts due to this situation. Many people refuse to take the time to analyze which passwords are the best to use but rather they just choose easy to remember passwords for their sake. But it is always wise to use symbols and numbers in your passwords for that it can be more difficult for hackers to crack it.

  11. Using 4 digit codes are becoming easier to crack everyday. I personally do not use any 4 digit codes, except for my PIN numbers.

  12. I find it disappointing that folks are using 4-digit codes even in places where they’re not being forced to. It’s already bad that banks rely on 4-digit codes, so why would anyone put themselves through risks if they have an option to use better passwords?

    Even worse, though, are providers that artificially impose a 4-digit code, or some similar password constraint. It’s one thing for banks to rely on 4-digit codes, when there are historical reasons that have made it that way and it would probably be very costly to implement a more robust system. It’s another thing entirely for websites to impose 4 (or 6 or 8) digit passwords, when they had the benefit of hindsight, and the ability to implement any security system they wanted.

    Unfortunately, I’ve seen far too many sites that impose this kind of artificial limit on passwords. It’s worrysome.

  13. I could see something simple like “1234” and “0000” as a code, but 5683? Or 0852? It doesn’t seem like those would have any significant value to a specific person, unless their birthday was May 6th, 1983, or August, 1952, but that’s about it. I can’t really see any pattern to that code at all, other than that.

    • I know, right? I also wondered why those codes made it to the list, because I can’t really see how so many people could pick the same code? it’s a bit odd, because 1234 is obvious, but not 5683! I’m actually glad I read this article, because odds are I could have picked that number randomly in the future.

  14. Fortunately, I read a similar article a few years ago. It said the same thing for online passwords (for websites requiring more than 4 digits). So, from then on, I stopped using: 1234. Yep, I used to be that person. Now, I made it a bit more difficult. There’s no need to gift a thief with my private information or money.

  15. Phew! Relieved to read mine is not in the list, but I really can see why some people picked a few of those numbers, specially 5683 and 0852. Those two codes don’t look like they’re so easy to guess, so I don’t blame them for picking them! It’s scary, but it gets harder and harder to find a safe 4 digit code. I actually need to get a new one soon.

    Thanks for the info, so very informative! I’ll make sure never pick any of those codes.

Comments are closed.