Whilst looking into this I came across the following article PIN number analysis:
http://www.datagenetics.com/blog/septem ... index.html
Based on a 4 digit PIN there are 10,000 choices, yet from a sample of 3.4 million 4 digit passwords nearly 11% were the password 1234.
From a table of the top twenty passwords found:
A staggering 26.83% of all passwords could be guessed by attempting these 20 combinations!
(Statistically, with 10,000 possible combination, if passwords were uniformly randomly distributed, we would expect the these twenty passwords to account for just 0.2% of the total, not the 26.83% encountered)
Although the article refers to PIN numbers the data was obtained from user passwords:
Given that users have a free choice for their password, if users select a four digit password to their online account, it’s not a stretch to use this as a proxy for four digit PIN codes
Given human nature. I don't consider this an unreasonable assumption.
Personally I found the distribution of user choices fascinating given the available choice.