Modern smartphones use large glass touchscreen panels that show the presence of grease from hands and faces very easily. Should your phone be stolen it could be possible for the thief to discern the PIN required to unlock it by analysing these grease patterns.
If your pin was “1234” then the thief would only have to try all 24 permutations in order to guarantee being able to unlock the phone:
- {1,2,3,4} {1,2,4,3} {1,3,2,4} {1,3,4,2} {1,4,2,3} {1,4,3,2} {2,1,3,4} {2,1,4,3} {2,3,1,4} {2,3,4,1} {2,4,1,3} {2,4,3,1} {3,1,2,4} {3,1,4,2} {3,2,1,4} {3,2,4,1} {3,4,1,2} {3,4,2,1} {4,1,2,3} {4,1,3,2} {4,2,1,3} {4,2,3,1} {4,3,1,2} {4,3,2,1}
But if you had chosen “1233” then the thief would not know which number had been used twice, and would have more permutations to check:
- {1,2,3,3} {1,3,2,3} {1,3,3,2} {2,1,3,3} {2,3,1,3} {2,3,3,1} {3,1,2,3} {3,1,3,2} {3,2,1,3} {3,2,3,1} {3,3,1,2} {3,3,2,1}
- {1,2,2,3} {1,2,3,2} {1,3,2,2} {2,1,2,3} {2,1,3,2} {2,2,1,3} {2,2,3,1} {2,3,1,2} {2,3,2,1} {3,1,2,2} {3,2,1,2} {3,2,2,1}
- {1,1,2,3} {1,1,3,2} {1,2,1,3} {1,2,3,1} {1,3,1,2} {1,3,2,1} {2,1,1,3} {2,1,3,1} {2,3,1,1} {3,1,1,2} {3,1,2,1} {3,2,1,1}
By choosing a PIN with a repeating digit you have made it 50% harder for the thief. It is also possible that the thief might not realise that a digit had been repeated, and then have to guess at the fourth digit, which would make life much harder. If this idea is extended to a 5-digit PIN then the increase in difficulty becomes 100% – it is twice as difficult with a repeated digit as without one. For every digit added it becomes fifty percentage points more difficult.
This would make sense if the attacker was permutating randomly, but they won’t be. PINs and passwords are not distributed randomly, so the attacker is more likely to make a dictionary attack than random attempts. 18/20 of the most used 4 digit PINs contain duplicates. See for example: http://www.datagenetics.com/blog/september32012/index.html