**4-digit** = 10^4 = **10,000** combos. **6-digit** = 10^6 = **1,000,000**. iPhone has defaulted to **6 digits** for years, because without rate-limiting (specialized hardware attack) **4 digits crack in seconds**, 6 in hours. For everyday use **4 digits with anti-weak-pattern filtering is enough**.

What are the most common weak PINs?

Per leaked-PIN research (DataGenetics 2012, 3.4M+ samples): **1234** (~11%), **1111** (~6%), **0000** (~2%), 1212, 7777, 1004, 2000, 4444, 2222, 6969. **Top 20 weak PINs = ~27% of all PINs**. Generator blocks them.

Is the PIN really random?

**Yes**. Web Crypto API (`crypto.getRandomValues`), cryptographically secure generator. Plus **rejection sampling** to avoid bias when mapping to 0-9. We do NOT use `Math.random()`.

Does the PIN reach the server?

**No**. Generation, copying, weak-pattern filtering: all **in your browser**. **DevTools → Network** = no requests. PIN wiped from memory when you close the tab.

What if I don't like the generated PIN?

Click **"Regenerate"** as many times as you want, each click gives a fresh random PIN outside the weak-pattern set. **Every PIN has identical security**, pick the one easiest to remember.

Can I use a PIN as my laptop password?

**Weak choice**. Laptops have **no rate limiting** (attackers have physical access), so **a 4-digit PIN cracks in 10 seconds**. For laptop login use a **[strong password](/en/password-generator)** (16+ chars) or **[passphrase](/en/passphrase-generator)**. A PIN belongs on the lock screen.

Why "avoid years" only for 4 digits?

Because a birth year in **YYYY** format is EXACTLY 4 digits (1985, 2003). For **5+ digits** attackers don't try YYYY, doesn't fit the length. At 6 digits they try **DDMMYY** or **MMDDYY**, but the generator **already filters sequences**, so 060685 (06/06/1985) gets blocked.

PIN Generator - free | YourDevTools

Your PIN

Length6 digits

PIN generated locally in your browser, never sent anywhere.

How do I pick a secure PIN that nobody will guess?

Generates random PINs (3-8 digits) for your phone, card, intercom, alarm, bike lock.

Filters known weak patterns: 1234, 0000, 1111, 1212, birth years 19xx/20xx (the top 25% of leaked PINs).

Everything is randomized cryptographically (Web Crypto API), never sent to a server.

How to use it

Pick the length: 4 digits (classic SIM/card), 6 digits (iPhone, Android, POS terminals), 8 digits (alarms, safes).

Leave "Avoid sequences" on, blocks 1234, 4321, 0123 (ascending and descending).

Leave "Avoid repeats" on, blocks 0000, 7777, 1212 (most common weak PINs).

For 4-digit PINs leave "Avoid birth years" on, blocks 1900-2099 (attackers try them first).

Click "Generate", copy the PIN. For phone/bank, enter it right away and don't write it down anywhere else.

When this is useful

Seven typical situations where a decent PIN saves you from a trivial mistake:

Bank card. After a card replacement or PIN change.
Phone lock (iPhone/Android). 6 digits or more; the phone's own rate-limiting protects against brute force.
Intercom or home alarm. Gate code, alarm code.
Electronic safe or combination bike lock. Combination-only entry.
Guest Wi-Fi. 8 digits is easier to dictate than special characters.
SIM card (PIN1, PIN2, PUK). When changing from default 0000.
Password manager recovery code. Backup if you forget the master.

Anywhere a device needs DIGITS only and has limited attempts (3-5 wrong = lock).

Questions and answers

Pure math: 10,000 combinations, brute force takes a fraction of a second. But most systems have rate limiting (3-5 wrong attempts = lockout). For iPhone, Android, bank cards a 4-digit PIN is fine, PROVIDED it's not obvious (1234, birth year, 1111). Our generator filters weak patterns, so an attacker can't guess in 3-5 tries.

How do I pick a secure PIN that nobody will guess?

Generates random PINs (3-8 digits) for your phone, card, intercom, alarm, bike lock.

Filters known weak patterns: 1234, 0000, 1111, 1212, birth years 19xx/20xx (the top 25% of leaked PINs).

Everything is randomized cryptographically (Web Crypto API), never sent to a server.

How to use it

Pick the length: 4 digits (classic SIM/card), 6 digits (iPhone, Android, POS terminals), 8 digits (alarms, safes).

Leave "Avoid sequences" on, blocks 1234, 4321, 0123 (ascending and descending).

Leave "Avoid repeats" on, blocks 0000, 7777, 1212 (most common weak PINs).

For 4-digit PINs leave "Avoid birth years" on, blocks 1900-2099 (attackers try them first).

Click "Generate", copy the PIN. For phone/bank, enter it right away and don't write it down anywhere else.

When this is useful

Seven typical situations where a decent PIN saves you from a trivial mistake:

Bank card. After a card replacement or PIN change.
Phone lock (iPhone/Android). 6 digits or more; the phone's own rate-limiting protects against brute force.
Intercom or home alarm. Gate code, alarm code.
Electronic safe or combination bike lock. Combination-only entry.
Guest Wi-Fi. 8 digits is easier to dictate than special characters.
SIM card (PIN1, PIN2, PUK). When changing from default 0000.
Password manager recovery code. Backup if you forget the master.

Anywhere a device needs DIGITS only and has limited attempts (3-5 wrong = lock).

Questions and answers

PIN Generator

How do I pick a secure PIN that nobody will guess?

How to use it

When this is useful

Questions and answers

Related tools

Password Generator

Passphrase Generator

Pwned Password Check

PIN Generator

How do I pick a secure PIN that nobody will guess?

How to use it

When this is useful

Questions and answers

Related tools

Password Generator

Passphrase Generator

Pwned Password Check