#### The maths

The maths of it does seem completely wrong.

I can't find any information on what actually sits in the squares (single or double digits), but for single digits the results will always be 10^x where x is the number of digits in the sequence.

To get 25^4, they need double digits and may as well just go for a 10x10 square, giving them 100,000,000 possibilities. If it's a matter of ease of use (maybe people can't remember a 4-step pattern in a 10x10 block), even a 3x4 block offers double the security of 10^4. There is no reasoning given on their site for why it would be a 5x5 block.
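An added example (not from the original post or from the vendor) that checks the point above, assuming each cell holds one digit 0-9 and the user types the digits found at four remembered cells. The function names and the sample grid are constructed for illustration.

```python
from itertools import product

# Constructed 5x5 grid, one digit per cell (assumption: cells hold single digits).
SAMPLE_GRID = [i % 10 for i in range(25)]

def response(grid, pattern):
    """Code the user types: the digits sitting at the remembered cell positions."""
    return tuple(grid[i] for i in pattern)

def pattern_space(cells, length):
    """Number of ordered patterns, cells may repeat."""
    return cells ** length

def distinct_responses(grid, length):
    """Number of different codes that any pattern can produce on this grid."""
    return len(set(grid)) ** length

def colliding_patterns(grid, pattern):
    """Patterns that produce the same code as `pattern` (closed form)."""
    total = 1
    for i in pattern:
        total *= grid.count(grid[i])  # any cell holding the same digit works
    return total

def brute_force_collisions(grid, pattern):
    """Same count by enumerating every pattern, to confirm the closed form."""
    target = response(grid, pattern)
    return sum(1 for p in product(range(len(grid)), repeat=len(pattern))
               if response(grid, p) == target)

if __name__ == "__main__":
    secret = (0, 1, 2, 3)
    print("patterns:        ", pattern_space(len(SAMPLE_GRID), 4))
    print("distinct codes:  ", distinct_responses(SAMPLE_GRID, 4))
    print("patterns that give the same code as the secret:",
          colliding_patterns(SAMPLE_GRID, secret))
```

Whatever the grid size, the verifier only ever sees one of at most 10^4 codes, so many different patterns are accepted for the same challenge.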

I'd go with it all just being wonky maths though. Here's from their site:

"However add into the ‘mix’ the fact that up to a third of users write down and carry their PINs with them, and that many more use easy-to-remember numbers like their spouse’s birthday, overall security is reduced to say 5000:1 or even 2000:1."

2000 possibilities for a spouse's birthday?

If day and month are both single digits (3rd April, say) we can have d/m/yy, 0d/0m, 0m/yy as easily memorable dates (and let's face it, someone using a spouse's b/day is not going for hard to remember). This is 1/3, nowhere near the 1/2000 or 1/5000.

Even changing the zeroes to any other number, with those 3 date combinations there are 111 possibilities.

Using a spouse's birthday only becomes a liability when someone knows that date; for someone who doesn't know your spouse's birthday, they are right back at 1/10,000.

If the PIN is written down and you're assuming the thief has it, it's a 100% probability that they have your PIN. If you assume they don't have the PIN, then again it's back at 10,000 possibilities.

Besides, a pattern can also be put down on paper and is harder to disguise as something innocent like a phone number.

And Jonathan Craymer likes to call it "chip and spin" :-P