You know that little PIN pad on your door, your phone, or your bank card? That's all it takes to lock or tap into something. Practically speaking, four digits. And most people assume there are a million combinations — because, hey, four numbers, right?
Turns out that's not how it works. The real answer to how many codes are possible with 4 digits is smaller than you'd think, and the reason why actually tells you a lot about how we misunderstand everyday security Easy to understand, harder to ignore..
I've been down this rabbit hole more than once, mostly because I kept seeing "0000" as a default code on things and wondered who thought that was fine. So let's actually break it down.
What Is a 4-Digit Code
A 4-digit code is just a sequence of four numbers, each pulled from 0 through 9. Which means no letters, no symbols, no emoji (unfortunately). That's it. When people talk about a "4-digit PIN" or "4-digit combination lock," they mean exactly this: four slots, and each slot can hold any single digit from 0 to 9.
Here's the thing — a code like 1234 is different from 4321. Practically speaking, if you're dealing with a padlock where you spin four wheels, the wheel order is fixed left to right. Think about it: order matters. On the flip side, that's what makes it a code or a permutation rather than just a set of numbers thrown in a bag. Same idea.
Digits vs. Numbers
Worth knowing: we're not talking about "all the numbers from 0 to 9999" as if they're written values. We're talking about strings of digits. So 0072 counts. It's a valid 4-digit code even though as a number it's seventy-two. Because of that, leading zeros trip a lot of people up. They'll say "there are 9,999 codes" because they forget that 0000 is a thing, and that 0001 through 0099 are real codes too And that's really what it comes down to..
Repeated Digits Are Allowed
Unless someone tells you otherwise, a 4-digit code can repeat digits. So is 1212. So in practice, most systems let you do this because humans pick memorable patterns. 1111 is fair game. And yes, that's also why "2580" (straight down the keypad) is shockingly common Most people skip this — try not to..
Why It Matters
Why care about how many codes are possible with 4 digits? Because it's the math behind everything from your gym locker to your debit card.
If you understand the size of the space, you understand how easy it is to guess. On the flip side, a 4-digit PIN has a fixed number of possibilities. Plus, if someone can try them without getting locked out, the security is only as strong as that count. Real talk — most banks now limit tries, but a surprising number of IoT locks and old padlocks don't.
And here's what goes wrong when people don't get this: they assume a 4-digit code is "basically uncrackable by hand." It isn't. If you've got 30 seconds and the lock doesn't punish failure, you can run through a chunk of the space fast. I know it sounds simple — but it's easy to miss when you're trusting the tech Small thing, real impact..
It also matters for building systems. Even so, if you're a developer slapping a 4-digit PIN on an app, you should know exactly how many tries a brute-force attacker gets before the math becomes a problem. The short version is: the count is small, so your rate-limiting better be good Easy to understand, harder to ignore..
How It Works
Let's get to the actual counting. This is the meaty part, and it's easier than it looks.
The Multiplication Rule
You've got four positions. For the second, also 10. Fourth, 10. Third, 10. For the first position, you can pick any of 10 digits (0–9). Because choices are independent and repeats are allowed, you multiply: 10 × 10 × 10 × 10 That's the part that actually makes a difference..
That's 10⁴. Which is 10,000.
So the direct answer to how many codes are possible with 4 digits is 10,000. From 0000 to 9999 inclusive. Not 9,999. Not a million. Ten thousand exactly.
When Repetition Isn't Allowed
Some puzzles or locker setups say "no repeated digits.Second: 9 (can't reuse the first). Plus, first digit: 10 choices. " Then the math changes. Fourth: 7. Here's the thing — third: 8. Multiply those: 10 × 9 × 8 × 7 = 5,040.
That's a smaller space. Half the size. If you've ever used a briefcase lock with distinct digits required, that's the number you're working with.
What If the First Digit Can't Be Zero
Certain systems — old phone extensions, some ID formats — disallow a leading zero. Then first position has 9 choices (1–9), and the rest have 10 each. 9 × 10 × 10 × 10 = 9,000. Still a lot, but noticeably less than 10,000 Not complicated — just consistent. Still holds up..
Visualizing the Space
Think of it like a 100 × 100 grid. Because of that, each row is the first two digits. Each column is the last two. Walk every cell and you've hit all 10,000. Because of that, it feels bigger than it is. I've literally written a script to print them all — the file wasn't even that large. That's how small 10k is in computing terms.
Brute Force in the Real World
Say a keypad allows unlimited tries and beeps quietly. In practice, at two seconds per code, 10,000 attempts is about 5. 5 hours of continuous typing. On the flip side, not forever. Here's the thing — if the device lets you skip faster, it's less. That's why "how many codes are possible with 4 digits" isn't trivia — it's the difference between a lock that wastes a thief's afternoon and one that wastes their minute.
Common Mistakes
Most guides get a couple things wrong here, so let's clear them up Most people skip this — try not to..
First: people say "there are 9,999 codes because 0000 doesn't count.If the machine accepts it, it's a code. Plus, i've seen default factory PINs set to exactly 0000 on routers and cheap safes. " It does. Don't erase it from the math.
Second: confusing combinations with permutations. Even so, for our purposes, 1234 ≠ 4321, so we count ordered sequences. Day to day, a math teacher might say "combination lock" is a misnomer because order matters. If you treated them as unordered, the count drops hard — but no lock works that way.
Third: forgetting that some systems silently restrict the space. I tested a smart lock that banned 19 specific codes (like 1234 and 0000) to "improve security.That's 9,981 possible, not 10,000. Plus, " Cute. Worth knowing if you're modeling risk That's the whole idea..
And fourth — the big one — assuming longer means safer without context. A 4-digit code on a system that locks after 3 tries is fine for a gym locker. And the same code on a WiFi door with no lockout is a joke. The count is fixed; the protection around it isn't.
Practical Tips
If you're picking or building with 4-digit codes, here's what actually works.
Use the full space. In practice, those are the first ones anyone tries. Don't pick 1234, 0000, 1111, or 2580. The best you can do with 10,000 options is be unguessable by humans, even if a machine doesn't care.
If you run a system, cap the tries. Now, three strikes and a delay beats any fancy PIN logic. The math says 10,000 is small; make sure a person can't walk through it But it adds up..
For physical locks, consider one that detects forced cycling. Some padlocks now shake-alert. Old ones just sit there while you spin. Know which you've got.
And if you're just curious about the count for a project — script it. On top of that, in Python, for i in range(10000): print(f"{i:04d}") gives you every code with leading zeros. Took me longer to import the library than write the loop. That's the whole space, printed.
One more: if you need real security, move past 4 digits. A 6-digit
code jumps the space to 1,000,000 possibilities — a 100x increase for just two extra button presses. Even at two seconds per entry, that's over 23 days of nonstop brute force, which shifts the threat from "inconvenient" to "impractical" for almost any physical attacker Surprisingly effective..
The same logic scales further. An 8-digit code is a billion combinations; at that point, even automated systems need days or weeks unless they have specialized hardware and direct digital access rather than a keypad to poke at. The lesson isn't "use the longest code possible no matter what" — it's that 4 digits is a convenience tier, not a security tier, and you should match the code length to what's protecting it.
Why This Keeps Coming Up
The reason "how many codes are possible with 4 digits" gets asked over and over is that the answer feels smaller than people expect. Ten thousand sounds like a lot in everyday life — that's a decent concert crowd — but in a system that accepts inputs at machine speed, it's a rounding error. We instinctively map "four positions" to "four barriers," when really it's four slots that each offer ten easy choices And that's really what it comes down to. Still holds up..
This gap between intuition and reality is where bad security decisions get made. Someone sets a 4-digit code on something valuable because it "feels like enough," never accounting for whether the device limits attempts or alerts on guessing. The count was never the problem. The environment around the count was.
Conclusion
Four digits gives you exactly 10,000 possible codes — assuming a standard 0–9 keypad, ordered entry, and no silent restrictions. That number is fixed, small, and easy to enumerate by hand or script. What changes everything is not the math but the context: lockouts, alerts, delays, and whether a human or a machine is doing the guessing. But use 4-digit codes where the risk is low or the system defends itself. Anywhere else, accept that 10k is a starting point, not a safeguard — and let the protection around the code do the heavy lifting.