We have all been there — we want our PIN to be convenient, easy to remember and comfortable to type. So we end up with a not-so-creative group of numbers, such as “5678” or “1111”.
There, problem solved. Or is it?
It is good to keep in mind just how easy it is to guess these common combinations. A few years ago, DataGenetics scrutinized a database of 3.4 million stolen PINs and uncovered some startling findings:
- Nearly 11% of the four-digit combinations were “1234”.
- More than 26% of all accounts used one of the top twenty most popular combinations — all based on a sequence or repetition of numbers.
Let that sink in for a while.
If someone stole a certain number of debit cards or PIN-protected devices and they tried the top 20 most common combinations, they would probably gain access to one-quarter of them. If they tried “1234” alone, they would be able to access approximately one in ten of the analyzed accounts.
Your funds deserve more than that.
However, don’t panic yet! You can greatly increase the security of your Trezor device by following some of these safety tips:
- Avoid all sequences (e.g. “1234”) and repetitions (e.g. “222” or “3344”).
- Avoid dates, years of birth, or other personal numbers, such as your SSN.
- Use a PIN longer than four digits.
- To get a more random PIN, try combining some numbers that are easy for you to remember, such as your shoe size and the last digits of your friend’s phone number.
- Use a number that is significant for you and add five (or a different number) to each digit, keeping only the last digit of each sum, e.g., “110492” becomes “665947”.
Pro tip: When setting up your Trezor, use the first two rows of the PIN layout as your PIN. As Trezor displays the buttons in a random order, this way you will have a random PIN, with no repeating numbers.
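The first three tips in the list above can be checked mechanically. The following Python code is an added example, not Trezor's own; the function names, the three-digit run threshold, the 9-to-0 wraparound and the date layouts are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Whole-PIN date layouts tried per PIN length (constructed list, not exhaustive)
DATE_FORMATS = {4: ["%m%d", "%d%m"],
                6: ["%d%m%y", "%m%d%y", "%y%m%d"],
                8: ["%d%m%Y", "%m%d%Y", "%Y%m%d"]}

def has_run(pin: str, min_len: int = 3) -> bool:
    """True if min_len or more neighbouring digits count up or down by one (9 wraps to 0)."""
    for step in (1, 9):  # 9 is -1 modulo 10
        run = 1
        for a, b in zip(pin, pin[1:]):
            run = run + 1 if (int(b) - int(a)) % 10 == step else 1
            if run >= min_len:
                return True
    return False

def looks_like_date(pin: str) -> bool:
    """True if the whole PIN is a year from 1900 to 2099 or parses as a calendar date."""
    if len(pin) == 4 and pin[:2] in ("19", "20"):
        return True
    for fmt in DATE_FORMATS.get(len(pin), []):
        # Four-digit layouts carry no year: prefix a leap year so 29 February parses
        text, full = ("2000" + pin, "%Y" + fmt) if len(pin) == 4 else (pin, fmt)
        try:
            datetime.strptime(text, full)
            return True
        except ValueError:
            continue
    return False

def pin_weaknesses(pin: str) -> list[str]:
    """Name the tips a PIN breaks; an empty list means none of these checks fired."""
    if not re.fullmatch(r"[0-9]+", pin):
        raise ValueError("PIN must consist of digits only")
    found = []
    if len(pin) <= 4:
        found.append("four digits or fewer")
    if re.search(r"(\d+)\1", pin):  # a group repeated back to back: "222", "3344"
        found.append("repetition")
    if has_run(pin):
        found.append("sequence")
    if looks_like_date(pin):
        found.append("date or year")
    return found
```

An empty result only means these particular checks found nothing; it does not show that a PIN is random.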
Trezor lost or stolen? Don’t worry.
Brute-forcing the PIN on a Trezor device is extremely difficult, as Trezor lengthens a countdown timer exponentially with every incorrect PIN entry.
After the first few failures, you have to wait several seconds before trying again. With every further wrong PIN, the wait time doubles, so it grows as a power of two.
Moreover, the device wipes itself after 16 incorrect attempts.
That is why, with the right PIN, this layer of protection is nearly unbreakable.