From The Urbach Letter –
If you recognize yours in there, it's time to change it before your security is compromised and you suffer a loss.
Where did this list come from, you may ask. DataGenetics, a "big data" consulting firm, obtained a list of 3.4 million four-digit passwords extracted from a much larger set of exposed user passwords of all types. They filtered out all but those that were exactly four digits long: a very good proxy for the bank PINs and user-set lock combos that are (understandably) harder to obtain in large quantities.
As you can see from the table, 1-2-3-4 is wildly popular. Out of the 3.4 million, a crazy-high 364,242 choices (10.713%) were this simplistic sequence. Next up, all ones accounted for nearly one in every sixteen PINs. The rest are plainly obvious: every all-the-same sequence from 0-0-0-0 through 9-9-9-9, toggle patterns such as 1-2-1-2, 1-1-2-2, 1-3-1-3, 6-9-6-9, and the countdown 4-3-2-1. The only one you might not expect is 1-0-0-4, until you think of Jack Webb in Dragnet.
Not in the top twenty but still very popular are keypad patterns like 2-5-8-0 (going straight down the middle) or 1-3-9-7 (clockwise around the corners). Also high up in the list are all the MMDD combinations with the first M zero or one, the second M zero, one, or two, and DD running from one through 31. Then there are all the four-digit years starting in the early/mid 1900s. Aside from these generally popular choices, you'd also be well advised to avoid choosing personally linked info such as your address, a portion of your telephone number, etc.
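The two ideas above, the DataGenetics filtering step (keep only exactly-four-digit entries and rank them) and the list of predictable patterns, can be turned into a simple PIN-setup check. This is an added example, not code from the newsletter or from DataGenetics; the keypad-walk set, the 1900-1999 year range and the sample corpus are assumptions made for illustration.

```python
import re
from collections import Counter

# Keypad walks the article names (middle column down, corners clockwise).
# Assumed small set for illustration; a real blocklist would enumerate more walks.
KEYPAD_WALKS = {"2580", "1397"}

def weak_pin_reasons(pin: str) -> list[str]:
    """Return the article's reasons a four-digit PIN is predictable (empty list if none)."""
    if not re.fullmatch(r"\d{4}", pin):
        raise ValueError("PIN must be exactly four digits")
    d = [int(c) for c in pin]
    reasons = []
    if len(set(pin)) == 1:                                          # 0000 .. 9999
        reasons.append("all digits the same")
    steps = {b - a for a, b in zip(d, d[1:])}
    if steps == {1} or steps == {-1}:                               # 1234, 4321
        reasons.append("ascending/descending run")
    if pin[0] == pin[2] and pin[1] == pin[3] and pin[0] != pin[1]:  # 1212, 1313, 6969
        reasons.append("ABAB toggle")
    if pin[0] == pin[1] and pin[2] == pin[3] and pin[0] != pin[2]:  # 1122
        reasons.append("AABB pair")
    if pin in KEYPAD_WALKS:
        reasons.append("keypad walk")
    mm, dd = int(pin[:2]), int(pin[2:])
    if 1 <= mm <= 12 and 1 <= dd <= 31:                             # MMDD: tighter than the article's MM rule
        reasons.append("looks like an MMDD date")
    if 1900 <= int(pin) <= 1999:                                    # assumed range for "early/mid 1900s"
        reasons.append("looks like a 19xx year")
    return reasons

def pin_frequency(passwords: list[str], top: int = 3) -> list[tuple[str, int, float]]:
    """Keep only exactly-four-digit entries and rank them, as DataGenetics did.
    Returns (pin, count, percent of all four-digit entries)."""
    pins = [p for p in passwords if re.fullmatch(r"\d{4}", p)]
    counts = Counter(pins)
    return [(p, n, round(100 * n / len(pins), 3)) for p, n in counts.most_common(top)]

# Constructed sample corpus (not real leaked data): mixed password types, as in the study.
SAMPLE = ["1234"] * 5 + ["1111"] * 3 + ["2580"] * 2 + ["password", "hunter2", "0704", "7392", "12345"]

if __name__ == "__main__":
    for pin, n, pct in pin_frequency(SAMPLE):
        print(pin, n, f"{pct}%", weak_pin_reasons(pin))
```

A PIN such as 7392 passes every check, while 1111 trips both the all-the-same and the MMDD rule.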
So now that you know what numbers and patterns to avoid, how do you choose a truly random PIN? If you're fully confident in your ability to remember a "nonsense" number, just throw some dice (surprisingly handy items to keep in your desk drawer) or copy down the last four digits from your car's odometer. For a more easily recalled PIN or combination, first choose a word you'll always remember and convert the first four letters to the corresponding numbers using your phone's dial pad. If you're in the sciences or an (ex) engineer like me, there are scores of physical constants and unit conversion factors that are burned into your brain for all time. Just pick one and use the four most significant digits for your PIN. However, avoid Pi: 3141592654 is the seventeenth most popular ten-digit password according to an expanded study.
In this age of rampant hacking, cracking, ATM card skimming, and outright physical theft, things often come down to failure of the weakest link. Don't let that be your security code.
(c) Copyright 2002-2013 Victor Urbach
This article may be reprinted with permission and attribution