Direct Technology Group Blog

Direct Technology Group provides professional IT Support and Network Services for Businesses around Deerfield Beach. Computer Services, Tech Support, IT Solutions and more!

PINs Distributed By Equifax Increases Risk

PINs Distributed By Equifax Increases Risk

By now, you’ve heard all about the Equifax data breach, which exposed sensitive information of 143 million individuals. To keep this from leading to identity theft and other challenges for these users, many professionals are encouraging them to freeze their credit lines. To do so, a PIN is required, which is something that a hacker can easily take advantage of.

Personal identification numbers fulfill many of the same roles as passwords do. They are designed to help the user protect important or sensitive information from prying eyes. These access control credentials generally follow the same guidelines. They need to be complex and secure so that hackers can’t get lucky and guess what they are. Specifically, they require upper and lower-case letters, numbers, symbols, and a random order.

You might think you’re armed with enough knowledge to protect yourself from this data breach, but you’re wrong. Or, rather… you were.

In the wake of the Equifax breach, the company allowed users to generate a PIN so that their credit lines could be frozen. Unfortunately, the method used only placed them at greater risk. The reason for this is that the Equifax PINs generated were ten digits long, and were based on the date that the credit line was frozen, as well as the specific time. The variables appeared in the PINs in this format: DdMmYyHhMm. You might think that ten digits is plenty to create a random string, but it’s not.

Remember what we said about a PIN needing to remain random? Well, a PIN based on the specific date and time of a credit freeze is anything but random. This creates a significantly smaller number of possible combinations for the PIN. Think about it--there are only 24 hours in a day, which means that the hour portion of the PIN has to be somewhere in that range. The same can be said for any other characters in the PIN. When you break it down to the number of reasonable hours in a day, you’re left with only a handful of possible values for that string of characters.

All of this could have been prevented if Equifax had just made the passcode a ten-digit randomized string of characters right from the get-go. Instead, they waited until September 11th, 2017, to make that happen. Hopefully the changes that have been made will allow people to rest a little easier about the data breach--one that shouldn’t have happened in the first place, mind you.

What do you think about this method of generating PINs? Are you sure that the credentials you use for your organization and your personal information are secure? To learn more about how you can protect yourself from identity theft and hackers in general, reach out to us at (954) 739-4700.

Tip of the Week: 7 Useful Google Chrome Extensions
We Examine What We Know About the New iPhone Model...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Sunday, 22 December 2024

Captcha Image

Blog Archive

2014
January
February
March
April
May
June
July
August
September
October
November

Mobile? Grab this Article

QR Code
Request a Consultation

Direct Technology Group strives to provide the best comprehensive IT, Computer, and Networking services to small businesses. We can handle all of your organization's technology challenges.

Contact Us
Contact Us

Learn more about what Direct Technology Group can do for your business.

1358 W Newport Center Dr
Deerfield Beach, Florida 33442

Call us: (954) 739-4700

News & Updates
Direct Technology Group is proud to announce the launch of our new website at www.directtechnologygroup.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...