Sale % Sale Holiday sale Sale Sale % Sale Sale Holiday sale Sale Sale % Sale Sale Holiday sale

PINs vs. Passwords: Which is more secure?

Maciej Bartłomiej Sikora
Content Writer
PIN vs password

Are you team passwords or team PINs?

Passwords and secret codes have been used for thousands of years to keep information safe and private. In today's digital world, we continue to rely on these methods to protect our data and online accounts. Most people use either passwords or PINs to secure their digital assets, and there has been an ongoing debate about which is more secure.

Some users find PINs secure enough and appreciate that they're short and easy to remember. Password advocates argue that PINs, usually just a few digits long, offer far fewer combinations, making them more vulnerable to cyber attacks. There are also those who suggest that both PINs and passwords serve the same purpose of authentication and can be equally safe, as well as people who doubt the security of either approach.

Let's explore this topic to see whether PINs or passwords offer greater security.

What is a PIN?

To understand PINs and passwords, let's start with the basics. PIN stands for "Personal Identification Number," a numerical code used to verify a user's identity. PINs were first introduced in the 1960s along with cash machines (ATMs), and to this day, a typical PIN consists of four to eight digits, providing a relatively simple way to authenticate a person.

The simplicity of a PIN has its pros and cons. Because it's usually short and made up of numbers, a PIN is easy to remember. However, if a PIN has only four digits, there are just 10,000 possible combinations. While that might sound like plenty, in today's world of advanced technology, it's not as secure as you'd think. It’s actually super easy for powerful computers to crack these PINs.

PINs are usually entered manually on touchscreen devices, which makes automated brute-force attacks less effective. Additionally, most systems that use PINs have a limit on the number of failed attempts allowed before locking the user out. For instance, if a device only allows six attempts to enter a PIN, there is a 0.06% chance that someone could crack a four-digit PIN simply by guessing. However, if your PIN is as common as '0000' or '1234,' the chances of getting hacked go up significantly.

What is a password?

A password is a secret word, phrase, or string of characters used to confirm someone's identity or to gain access to a system, application, or device. It can be just about anything—a word, a set of numbers, or a mix of both. To make it secure, a strong password should combine numbers, uppercase and lowercase letters, and special characters and be at least 12 characters long.

Like PINs, digital passwords first appeared in the early 1960s and have been in use ever since. If you take a 10-character password, it can have a massive 59,873,693,923,837,900,000 possible variations. This might make you think you already know which of the two options is more secure, but things aren't as straightforward as they seem.

Passwords are often used for online accounts or devices that usually don't have a limit on failed login attempts. This makes them vulnerable to automated brute-force attacks, where a program systematically tries all possible combinations to crack the password. Not every brute-force attack is practical, though, because it could take years to break into a strong password. However, hacking technologies are evolving quickly, making these attacks more efficient and raising the odds of success.

Password vs. PIN: Which is safer?

It's time to answer the big question: Which is safer, passwords or PINs? Technically, passwords are more secure if they're strong enough. Even with the latest hacking software, it could take hundreds of years to crack a complex 12-character password. Using a 16-character password might extend that time to thousands of years. So, if you're looking to protect your device or online account, using a strong password is a better choice than a PIN.

This doesn't necessarily mean you should stop using PINs altogether. PINs are a practical and secure method to unlock your touchscreen device, for example. Using them is quick and often has a limited number of attempts before locking, adding an extra layer of protection.

However, if you really care about the security of your online accounts and digital assets, consider using both passwords and PINs generated by a multi-factor authentication (MFA) tool. In this case, after you enter your account's password, the MFA tool prompts you with a unique PIN that you must enter to verify your access. This extra layer of security ensures that even if someone gets hold of your password, they won't be able to access your account without the additional verification step.

How to create a secure PIN

If you are to create a PIN for your touchscreen device or credit card, make sure it is as secure as possible. Here are some guidelines on how to achieve that:

  1. Stay away from simple, easily guessable PINs like "1234," "0000," "1111," "123456," or "9876."

  2. Don't use personal information such as birthdates, anniversaries, phone numbers, or other details that someone could easily guess.

  3. Don't write down your PIN or store it in an insecure manner (like a note on your phone)—just memorize it.

  4. If possible, create a PIN that is longer than four digits.

How to improve your password security

The first thing you should do to improve your password security is to ensure that all your passwords are strong and stored securely. Since we’ve already stressed the importance of unique and complex passwords, let’s now shift our attention to the storage part.

Many people still keep their passwords in their notebooks or notes on their phones, not realizing how insecure that is. But the reasoning behind this habit isn't too surprising. After all, memorizing all your passwords isn't exactly easy. According to our study, the average person juggles a whopping 87 passwords just for work. For most of us, this is way too many to even try to remember. So, how do you address this problem? You use a reliable password manager like NordPass.

NordPass provides an encrypted virtual space where you can safely store and manage all your passwords, passkeys, credit card details, and other sensitive information. It is also lightning-fast at generating strong passwords, allows you to securely share credentials with the people you trust, and even checks if your login data has been compromised in a breach. So, if you’re looking for a way to improve your password security, NordPass is your go-to solution.

Try passwordless authentication

It might come as news to some of you that nowadays, you can skip the whole dilemma of choosing between PINs or passwords altogether and opt for a far more secure solution. This is because there is a new authentication method that lets you securely log in to websites and apps without entering a password or a PIN—and it’s called “passkeys”.

A passkey consists of two distinct cryptography keys: a public key, which is registered with the website or app, and a private key, which remains stored locally on your device and never leaves it. During login, these keys are matched up, granting you access to the website.

As already mentioned, NordPass lets you store passkeys, ensuring fast and secure access to your online accounts. This allows you to utilize biometrics, such as fingerprint or facial recognition, for authentication, making the whole process much easier and safer. Therefore, if you're truly committed to improving the security of your online accounts, we suggest you go passwordless with NordPass and switch to passkeys on accounts and applications.

Subscribe to NordPass news

Get the latest news and tips from NordPass straight to your inbox.