It's worth getting a list of the most common passwords and rejecting them, regardless of whether the passwords are generated by machine or by the user.
For four digit numbers there's barely any variation in what people use. Even 1234, the most common, is only twice as likely as hundreds of other PINs. Maybe block the top half a percent of most-guessed pins.
