1001Ferramentas

PIN Generator

Generate random PINs (Personal Identification Numbers) with configurable length from 4 to 16 digits.

How to use?

Choose the length and the number of PINs, then click Generate PIN. The PINs are generated randomly and securely in your browser.

The PIN, from Glasgow to your pocket

The Personal Identification Number was invented in 1967 by the Scottish engineer James Goodfellow while he worked on the first automatic cash-dispensing machines for Smiths Industries. His patent — UK 1.197.183, later acquired by IBM — paired a magnetic card with a numeric secret typed on a small keypad. Goodfellow originally proposed a 6-digit code, but the project lore says his wife could only memorise four digits, so the team trimmed it down. Six decades later, the 4-digit PIN remains the dominant standard on bank cards worldwide.

A PIN is, mathematically, a very short password. A 4-digit PIN has 10⁴ = 10,000 combinations and roughly 13.3 bits of entropy. A 6-digit PIN has 1,000,000 combinations and ~19.9 bits — a 100x larger keyspace for only two extra keystrokes. For comparison, an 8-character random alphanumeric password carries ~47 bits.

Why human-chosen PINs are weak: the DataGenetics study

In 2012, Nick Berry (DataGenetics) analysed 3.4 million leaked 4-digit PINs and found that the top 20 codes alone cover about 26.8% of the entire population. The ranking is remarkably stable:

1234 · 1111 · 0000 · 1212 · 7777
1004 · 2000 · 4444 · 2222 · 6969
9999 · 3333 · 5555 · 6666 · 1122
1313 · 8888 · 4321 · 2001 · 1010

A brute-force attacker who guesses these 20 codes in order has a roughly 1-in-4 chance of unlocking the account on the very first attempt. Common weak patterns include:

  • Birth dates encoded as DDMM or MMYY
  • Phone-number fragments or address numbers
  • Ascending or descending sequences (1234, 4321)
  • Single-digit repetitions (1111, 7777)
  • Keypad patterns (2580, the vertical centre column)

Where PINs are used today

  • Bank cards — 4 to 6 digits, EMV chip + PIN flow
  • SIM cards — 4 to 8 digits, plus a PUK to unlock after 3 wrong tries
  • iPhone passcode — 6 digits by default since iOS 9; 4-digit was the old standard
  • Windows Hello PIN — minimum 4 digits, optionally alphanumeric, tied to TPM-protected device key
  • Voicemail, alarm systems, hotel safes — typically 4 digits

Card networks (Visa, Mastercard) and the PCI-DSS standard prohibit storing PINs in plaintext at any point. PINs travel in encrypted PIN blocks defined by ISO 9564 and are verified inside HSMs (Hardware Security Modules) that never expose the cleartext.

FAQ

Is it safe to base a PIN on my birthday or phone number?
No. Anyone who finds your wallet usually has access to your driver's licence or social media, both of which expose birth dates. Roughly 1 in 6 PINs follow a date pattern.

How many digits should I use?
Six or more when the system allows. The marginal effort of typing two extra digits buys you a 100x larger keyspace.

Is this generator cryptographically secure?
Yes — it relies on crypto.getRandomValues(), the Web Crypto API's CSPRNG. Avoid generators that use Math.random(), which is not designed for security and is predictable.

Does the PIN leave my browser?
No. Generation happens entirely client-side in JavaScript — nothing is transmitted to the server.
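
An added example, not this site's own code: one way to build a PIN generator on crypto.getRandomValues() as the FAQ describes, using rejection sampling so every digit is equally likely and redrawing any PIN that matches the weak patterns listed earlier. The names rng, randomDigit, isWeakPin and generatePin are assumptions made for this sketch.

```javascript
// Added example: unbiased PIN generation with the Web Crypto CSPRNG.
// Browsers and Node 19+ expose globalThis.crypto; older Node falls back to webcrypto.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// The 20 most common 4-digit PINs listed above, plus the 2580 keypad column.
const COMMON_PINS = new Set([
  "1234", "1111", "0000", "1212", "7777", "1004", "2000", "4444", "2222", "6969",
  "9999", "3333", "5555", "6666", "1122", "1313", "8888", "4321", "2001", "1010",
  "2580",
]);

// Return one digit 0-9 with equal probability. A byte has 256 values, which is
// not a multiple of 10, so bytes 250-255 are discarded instead of wrapped
// (byte % 10 alone would make 0-5 slightly more likely than 6-9).
function randomDigit() {
  const buf = new Uint8Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= 250);
  return buf[0] % 10;
}

// True for some of the weak shapes the page names: one repeated digit, a
// strictly ascending or descending run, or an entry in COMMON_PINS.
function isWeakPin(pin) {
  if (COMMON_PINS.has(pin)) return true;
  if (/^(\d)\1+$/.test(pin)) return true;
  const steps = [];
  for (let i = 1; i < pin.length; i++) {
    steps.push(Number(pin[i]) - Number(pin[i - 1]));
  }
  return steps.every((s) => s === 1) || steps.every((s) => s === -1);
}

// Generate a PIN of 4 to 16 digits (the range this tool offers), redrawing
// whenever the result is weak. Leading zeros are kept because a PIN is a string.
function generatePin(length = 6) {
  if (!Number.isInteger(length) || length < 4 || length > 16) {
    throw new RangeError("length must be an integer from 4 to 16");
  }
  let pin;
  do {
    pin = Array.from({ length }, randomDigit).join("");
  } while (isWeakPin(pin));
  return pin;
}
```

For 4-digit PINs the filter excludes 33 of the 10,000 codes, so the cost in keyspace is negligible compared with removing the guesses an attacker tries first.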
