Data Net Blog

Data Net Blog

Data Net has been serving the California area since 1983, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

PINs Distributed By Equifax Increases Risk

PINs Distributed By Equifax Increases Risk

By now, you’ve heard all about the Equifax data breach, which exposed sensitive information of 143 million individuals. To keep this from leading to identity theft and other challenges for these users, many professionals are encouraging them to freeze their credit lines. To do so, a PIN is required, which is something that a hacker can easily take advantage of.

Personal identification numbers fulfill many of the same roles as passwords do. They are designed to help the user protect important or sensitive information from prying eyes. These access control credentials generally follow the same guidelines. They need to be complex and secure so that hackers can’t get lucky and guess what they are. Specifically, they require upper and lower-case letters, numbers, symbols, and a random order.

You might think you’re armed with enough knowledge to protect yourself from this data breach, but you’re wrong. Or, rather… you were.

In the wake of the Equifax breach, the company allowed users to generate a PIN so that their credit lines could be frozen. Unfortunately, the method used only placed them at greater risk. The reason for this is that the Equifax PINs generated were ten digits long, and were based on the date that the credit line was frozen, as well as the specific time. The variables appeared in the PINs in this format: DdMmYyHhMm. You might think that ten digits is plenty to create a random string, but it’s not.

Remember what we said about a PIN needing to remain random? Well, a PIN based on the specific date and time of a credit freeze is anything but random. This creates a significantly smaller number of possible combinations for the PIN. Think about it--there are only 24 hours in a day, which means that the hour portion of the PIN has to be somewhere in that range. The same can be said for any other characters in the PIN. When you break it down to the number of reasonable hours in a day, you’re left with only a handful of possible values for that string of characters.

All of this could have been prevented if Equifax had just made the passcode a ten-digit randomized string of characters right from the get-go. Instead, they waited until September 11th, 2017, to make that happen. Hopefully the changes that have been made will allow people to rest a little easier about the data breach--one that shouldn’t have happened in the first place, mind you.

What do you think about this method of generating PINs? Are you sure that the credentials you use for your organization and your personal information are secure? To learn more about how you can protect yourself from identity theft and hackers in general, reach out to us at (760) 466-1200.

Tip of the Week: 7 Useful Google Chrome Extensions
We Examine What We Know About the New iPhone Model...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Wednesday, 18 December 2024

Captcha Image

Network Audit

Our network audit will reveal hidden problems, security vulnerabilities, and other issues lurking on your network.

Sign Up Today!

News & Updates

It’s fun to be critical of social media, but there’s no denying the massive influence it has on individuals, societies, businesses, and even the political landscape. Since social media plays such a big part in so many areas of your digital life, it’s...

Contact Us

Learn more about what Data Net can do for your business.

Data Net
2445 5th Avenue Suite 200
San Diego, California 92101