Home and commercial alarms are an integral physical security measure that have become so commonplace that little thought is given to the security that they may or may not provide. Whilst the focus has shifted from physical security in the past to cyber security in the present, physical security for protecting assets may be just as important for many business organisations. This research looks at 700 genuine alarm PIN codes chosen by users to arm and disarm alarm systems in a commercial environment. A comparison is made with a study of millions of PIN numbers unrelated to alarms to compare the results in order to allow a prediction of the alarm codes utilised in these systems. Results show that PIN number for alarm codes are often chosen differently than other PIN numbers and an analysis of the alarm codes gives an indication of how users choose codes. The codes are ranked in various groupings and results show that a non-sequential brute force attack against an alarm system using the results of this study greatly reduce the number of codes tried by an attacker before a disarming code is discovered. The results can be used to assist users in choosing codes that are less predictable than the codes that are often chosen today.