Passwords are under attack, that’s a given. Whether it’s from initial access malware looking to open up networks for ransomware attacks, public databases containing hundreds of millions of stolen plaintext credentials, or state-sponsored threat actors with spying on their minds. Nobody can say they are unaware of the dangers of weak or reused passwords, but what about your PIN code? Yes, those four digits that are used when unlocking your smartphone and all the valuable data it provides instant access to. OK, so you might argue that you use your fingerprint or face to unlock your Android or iPhone, which is fair enough, apart from when there’s been an update, reset, or something goes wrong and you have to resort to your PIN after all. What if there were a list of 50 PIN codes that should, under no circumstances, be used? Read on.

ForbesChange Your Password Now If It’s On This List

PIN codes are not, let’s face it, the most secure means of restricting access to your valuable smartphone. Yet they are used to lock your SIM card and the device itself. They underpin, if you’ll excuse the pun, the biometrics that you rely upon to gain quick and safe access to your iPhone or Android when you are out and about, and are required under certain circumstances, whether you have fingerprint or facial recognition enabled or not. I mean, do the math, and you’ll learn that a four-digit PIN “only” requires 10,000 attempts at the most in order to crack it, if you include 0000 and 9999. That’s still a lot of faffing around, of course, and there are far easier and much quicker ways to crack certain PIN codes. And that, dear reader, is where the danger list comes in.

When it comes to advice about choosing a PIN code for your smartphone, if you want to prevent friends and family, even work colleagues, from being able to take a quick look at your stuff when you pop to the toilet without it, it’s best to avoid birthdays and anniversaries. That’s another given. But what if they could have a really good chance of cracking what appears, to you and many others at least, like a random code that has no obvious personal connection?

ForbesChrome Password Update For 3 Billion Google Browser UsersBy Davey Winder

An analysis of more than 29 million PIN codes that turned up in data breach lists, discovered that one in ten people used the same four numbers. That analysis produced a list of the top 50 PIN codes found, and as such, these are the ones used by most people and so the ones to avoid. After all, if I can find this list, so can smartphone thieves.

Here’s the list of 50 PIN codes you should never use.

I sorted the list into numerical order to make it easier to check to see if you were using a dangerous PIN, but here are the top ten by most-used code numbers:

1. 2222
2. 4444
3. 1122
4. 1986
5. 2020

My advice, however, is not to stop using PINs but simply to use longer ones. Instead of four-digit codes, use ten. This is easy to do by opting to use a password instead of a PIN number to lock your phone, and just employ numbers instead of characters. A custom PIN, that can still be easy to remember but is much, much harder for anyone to guess.

ForbesMillions Of Stolen Passwords For Sale To Hackers For Just $81By Davey Winder