Daily Inspiration
Design excellence, every day.
Jury-selected work from the A' Design Award, presented fresh each morning.
Four random digits. 10,000 possible combinations. Generated entirely in your browser.
A numeric PIN is one of the simplest structures in combinatorics. Each position holds a single digit from 0 through 9, selected independently of every other position. A 4-digit PIN therefore has 10,000 possible values, and a truly random generator gives each one exactly equal probability. The digit in position one reveals nothing about the digit in position two. The PIN has no internal logic, no pattern, no structure to exploit.
Information theory quantifies randomness in bits. Each decimal digit carries log2(10) ≈ 3.322 bits of entropy, so a 4-digit PIN contains 13.3 bits. For comparison, a 16-character password drawn from 95 printable ASCII characters delivers roughly 105 bits. A PIN is deliberately simpler because it relies on a fundamentally different security model: rate limiting.
An ATM permits three consecutive wrong attempts before swallowing the card. A smartphone introduces escalating delays after failures. Under such constraints, exhausting 10,000 combinations becomes practically infeasible. The security of a PIN lives in the lock, and the randomness prevents an attacker from guessing intelligently.
The four-digit PIN traces to 1967, when Scottish inventor John Shepherd-Barron conceived the first automated teller machine for Barclays Bank in London. His original design used six digits. His wife, Caroline, tested the prototype and persuaded him that four was all she could reliably remember under the mild pressure of a queue forming behind her. That domestic conversation shaped a global security standard persisting more than fifty years later. Four digits remain the default for ATMs, phone unlock screens, and point-of-sale terminals worldwide.
Nick Berry of DataGenetics analyzed 3.4 million leaked four-digit PINs and found alarming concentration. The sequence 1234 alone accounted for 10.7% of all PINs in the dataset. The top twenty most common PINs covered 27% of the total population. Birth years in the 19xx format, repeated digits (1111, 0000), and keyboard patterns (2580, the middle column on a numeric keypad) dominated the list.
An attacker who tries the hundred most common PINs first can unlock roughly one in three accounts using human-chosen PINs. A randomly generated PIN eliminates this vulnerability entirely. Every one of the 10,000 values becomes equally likely, including 1234 and 0000. The attacker gains no advantage from trying common patterns first because the PIN was never chosen by a pattern-seeking human mind.
Each digit on this page originates from crypto.getRandomValues(), the Web Cryptography API specified by the W3C and built into every modern browser. The underlying entropy comes from hardware-level physical processes in your device: thermal noise, electrical jitter, and timing variations that quantum mechanics proves to be fundamentally unpredictable. The implementation uses rejection sampling to eliminate modulo bias, ensuring every digit from 0 through 9 has mathematically identical probability.
The PIN never travels over any network. It exists only in your browser's memory and on your screen. The server delivered this page and finished. Your device created the secret.
PIN generation provides a concrete entry point for combinatorics. Ask students: how many four-digit PINs exist? Most guess far fewer than 10,000. The formula 104 = 10,000 introduces exponentiation as a counting tool. Then add constraints: if the first digit cannot be zero, how many remain? (9,000.) If no digit may repeat? (10 × 9 × 8 × 7 = 5,040.) These restrictions progressively reduce the space, illustrating the difference between permutations with and without repetition.
For a group activity, have each student visit /pin/6 and generate a six-digit PIN. Ask: what is the probability that any two students in a class of 30 share the same PIN? The answer (approximately 0.04%) surprises students who expect collisions. Contrast this with the birthday problem, where 23 people sharing a birthday from just 365 options crosses 50% probability. The comparison reveals how dramatically the size of the possibility space affects collision rates. The tool requires no accounts and stores no student data.
Every PIN generated on this page stays inside your browser. The server delivers the page template. Your device's cryptographic random number generator produces each digit. No PIN ever appears in server logs, analytics, or network requests. Your generation history lives in localStorage on your device alone.
The share section below shares the tool URL, never a generated PIN. Sending someone the link gives them the same generator. Their device produces a completely independent result from its own entropy source. The URL carries the tool. Your device carries the secret.
The URL defines the PIN length completely:
Send the link. Recipients generate their own independent PIN from their own device.
Daily Inspiration
Jury-selected work from the A' Design Award, presented fresh each morning.
