The router has a eight-digit PIN that you need to enter on your devices to connect. Rather than check the entire eight-digit PIN at once, the router checks the first four digits separately from the last four digits. This makes WPS PINs very easy to “brute force” by guessing different combinations. There are only 11,000 possible four-digit codes, and once the brute force software gets the first four digits right, the attacker can move on to the rest of the digits. Many consumer routers don’t time out after a wrong WPS PIN is provided, allowing attackers to guess over and over again. A WPS PIN can be brute-forced in about a day. [Source] Anyone can use software named “Reaver” to crack a WPS PIN.