- Edited
Rcif419 Assuming random digits, a four-digit PIN is 99% less secure than six digits, because there are 100 times as many six-digit numbers as four-digit numbers.
Security people often make recommendations based on what should be good enough for a given use case, plus some margin. Four digits might be good enough? But not good enough plus some margin.
Edit: note that the "140 attempts" figure above is 1% of the way through the space of a four-digit PIN, so the attacker could get lucky. You might choose to take that bet, but I doubt you will find somebody willing to recommend it as a good bet to take.