Request for PIN databases

To the VOIP community,

This is an open invitation to contribute to PINPOP, a security research project to study PIN selection behaviour.

PINPOP Is led by Andrew Horton and John McColl, two security researchers from New Zealand. We’re researching PIN number selection with the goal of making VOIP systems more secure. To do this we need help from the internet community to provide the large datasets of PIN numbers required.

The PINs we need must be selected by the users. This means we need to exclude all system assigned PINs such as defaults and randomly generated PINs.

By contributing to our research you will help us :

  • Rank the strength of a PIN similar to how passwords are ranked.

  • Develop free software to restrict the selection of weak passwords for Asterisk, the opensource PBX.

  • Be the first to study the psychology of PIN selection :
    We will discover to what extent aesthetics numbers influence PIN selection. What patterns are most commonly selected? Are primes selected more than expected? How common are PINs that begin with 0?

  • Simulate PIN cracking on VOIP networks. Determine the number of attempts it will take to crack the average PIN.

  • Visually display the security of the PINs on your network. Identify the weakest so admins/HR can prompt those users to change their PINs.

This research and the security enhancements it enables are considered by some to be long overdue. In fact it amazes us that no one has conducted any open research into PIN selection considering the vast amount of parallel research into passwords.

Your privacy and security is assured. We offer a full range of disclosure options and require only PIN numbers without associated identifying data, eg. names and extension numbers.

Learn more and contribute at

Thanks in advance,
Andrew Horton & John McColl
New Zealand