Although most computing devices, including personal computing devices, such as cellular telephones, smart telephones, wireless personal digital assistants (PDAs), personal computers (PCs), laptop computers, and so forth, to name a few, have built in password security, many users choose not to be hassled by initiating password security. Users that initiate password security are often frustrated by password security, and corporate or other entities may insist on changing the password regularly, e.g., every month. Different passwords may be needed for different authentication devices or applications. Remembering all such passwords and selecting the appropriate one may be very onerous.
In practice password systems for computing devices may be breached in several ways, for example: random trial and error, e.g., hitting random keys, where eventually the correct password will be found, but may take a long time; systematic trial and error, e.g., trying 0000, 0001, 0002, and so forth for a PIN number; inspired guesswork, e.g., trying general favorite numbers, for example, 1066, 1234, and so forth, or personal numbers, for example, birthday, telephone number, and so forth; learning the password by surveillance, shoulder surfing, finding the password written down somewhere, and so forth; hacking, e.g., key click measurement, on-line interception, and so forth; forced disclosure to a mugger.
A 4-number PIN has a theoretical security of 1 in 10×10×10×10=1 in 10,000 or 0.0001. Hackers would probably give up if they had the typical three chances at these odds.
In practice, the problem is that users find remembering multiple passwords/numbers to be difficult, and either the user chooses a memorable personal number that is likely to be used widely elsewhere or a non-memorable one that needs to be written down, usually next to the computing device requiring the security. Many instances of surveillance scams to learn passwords have been reported. Looking over someone's shoulder when users are entering their PIN or password is not uncommon. The practical security offered by a PIN number, e.g., from a hacker's or thieves point of view, is quite modest.