There’s a noticeable bias to using 10,11, or 12 as either the 1st and 2nd or the 3rd and 4th digits too, especially where the other two digits are lower. Like 11XX, or XX12. Wonder if there’s a conscious reason for that or just a notable unconscious human bias for some number combinations?
As you said, 4 digits is not enough to make something secure to a computer. 10,000 permutations is milliseconds of computation.The only reason it’s at all secure for a credit card is because you’re generally only using the PIN for in-person transactions where there are more practical limits on attempts (Narrator: “After 2 hours and 632 attempts, the cashier began to get suspicious…”), if not hard cut offs from the bank/processor for failed attempts. If we’re being realistic, as long as your PIN isn’t in the first 3-6 numbers they can try, it’s probably secure enough in itself. Theives want low hanging fruit. Easier to try to social engineer your PIN then to manually brute force it. As long as you’re avoiding the most obvious first attempt numbers, go ahead and use your dog’s birthday or your childhood home’s address. It’s fine.
Maybe, but you would expect there to be about as many people with September birthdays to be using 09 as those with October birthdays using 10, I would think. But there is a very significant gap in their frequencies.