JS Business Solutions Blog

JS Business Solutions Blog

JS Business Solutions has been serving the Attleboro area since 2012, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

PINs Distributed By Equifax Increases Risk

PINs Distributed By Equifax Increases Risk

By now, you’ve heard all about the Equifax data breach, which exposed sensitive information of 143 million individuals. To keep this from leading to identity theft and other challenges for these users, many professionals are encouraging them to freeze their credit lines. To do so, a PIN is required, which is something that a hacker can easily take advantage of.

Personal identification numbers fulfill many of the same roles as passwords do. They are designed to help the user protect important or sensitive information from prying eyes. These access control credentials generally follow the same guidelines. They need to be complex and secure so that hackers can’t get lucky and guess what they are. Specifically, they require upper and lower-case letters, numbers, symbols, and a random order.

You might think you’re armed with enough knowledge to protect yourself from this data breach, but you’re wrong. Or, rather… you were.

In the wake of the Equifax breach, the company allowed users to generate a PIN so that their credit lines could be frozen. Unfortunately, the method used only placed them at greater risk. The reason for this is that the Equifax PINs generated were ten digits long, and were based on the date that the credit line was frozen, as well as the specific time. The variables appeared in the PINs in this format: DdMmYyHhMm. You might think that ten digits is plenty to create a random string, but it’s not.

Remember what we said about a PIN needing to remain random? Well, a PIN based on the specific date and time of a credit freeze is anything but random. This creates a significantly smaller number of possible combinations for the PIN. Think about it--there are only 24 hours in a day, which means that the hour portion of the PIN has to be somewhere in that range. The same can be said for any other characters in the PIN. When you break it down to the number of reasonable hours in a day, you’re left with only a handful of possible values for that string of characters.

All of this could have been prevented if Equifax had just made the passcode a ten-digit randomized string of characters right from the get-go. Instead, they waited until September 11th, 2017, to make that happen. Hopefully the changes that have been made will allow people to rest a little easier about the data breach--one that shouldn’t have happened in the first place, mind you.

What do you think about this method of generating PINs? Are you sure that the credentials you use for your organization and your personal information are secure? To learn more about how you can protect yourself from identity theft and hackers in general, reach out to us at (781) 715-1900.

How Are We Still Unsure of What Makes a Data Breac...
We Examine What We Know About the New iPhone Model...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Friday, 25 April 2025

Captcha Image

logo
Request a Consultation

JS Business Solutions strives to provide the best comprehensive IT, Computer, and Networking services to small businesses. We can handle all of your organization's technology challenges.

Contact Us
Contact Us

Learn more about what JS Business Solutions can do for your business.

12 Pratt Street Suite 103,
Mansfield, Massachusetts 02048

Call us: (781) 715-1900

Network Assessment

Our network assessment will reveal hidden problems, security vulnerabilities, and other issues lurking on your network.

Sign Up Today!