I ran across some interesting info this evening about the results of statistical analysis on numerical passwords (Personal Identification Numbers, AKA PIN numbers, or, more correctly, just PINs) by Nick Berry, who now works as Facebook’s Data Scientist.
The article is well worth a read. http://www.datagenetics.com/blog/september32012/index.html is a direct link. Or, if you prefer, he’s done a rather good TEDx talk on it: http://www.youtube.com/watch?v=MY3XWYr726I
To save you the effort of watching what is a very entertaining talk, I’ll sum up: if you want a more secure 4-digit PIN, don’t use a trivially guessable sequence, and don’t start it with 0, 1 or 2. That alone will move you out of the top 25 most common PINs.
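As an added example (my own code, not from the post or from Nick Berry’s analysis), here is a small Python checker that encodes the two rules above. Which patterns count as “trivially guessable” is my assumption: a single repeated digit, a straight ascending or descending run, and a repeated pair such as 3434. The second function counts how many of the 10,000 possible PINs survive the checks, which shows the advice still leaves a large space.

```python
# Added example, not from the post or from Berry's analysis. Encodes the two rules
# from the summary above: avoid trivially guessable sequences, and avoid a leading
# 0, 1 or 2. The set of "trivial" patterns below is this example's own assumption.
from itertools import product

WEAK_LEADING_DIGITS = {"0", "1", "2"}


def pin_weaknesses(pin: str) -> list[str]:
    """Return the reasons a 4-digit PIN is weak (empty list means it passes)."""
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("expected exactly four decimal digits")
    reasons = []
    digits = [int(c) for c in pin]
    # Differences between neighbouring digits; a single value of +1 or -1
    # means a straight run such as 3456 or 9876.
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if len(set(digits)) == 1:
        reasons.append("all digits identical")
    if steps in ({1}, {-1}):
        reasons.append("straight ascending/descending run")
    # Same two digits twice, e.g. 3434 (7777 also matches; both reasons are listed).
    if pin[:2] == pin[2:]:
        reasons.append("repeated pair (ABAB)")
    if pin[0] in WEAK_LEADING_DIGITS:
        reasons.append("starts with 0, 1 or 2")
    return reasons


def surviving_pin_space() -> int:
    """Count the 4-digit PINs that trigger none of the checks above."""
    return sum(
        1
        for combo in product("0123456789", repeat=4)
        if not pin_weaknesses("".join(combo))
    )


if __name__ == "__main__":
    for sample in ("1234", "7777", "3434", "3792"):  # constructed sample PINs
        print(sample, pin_weaknesses(sample) or "ok")
    print("PINs passing every check:", surviving_pin_space())
```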
Also, don’t re-use your passwords and PINs. It’s a bad idea. A friend called Deviant Ollam related a very amusing story in which he social-engineered a relative’s PIN via his mobile phone: he used it to call up and find out what the voicemail PIN was, then correctly guessed the man’s credit card PIN, because, yes, it was exactly the same! If you re-use a PIN, it is only as strong as the weakest link of the weakest site you use it on.