Are You Having A Technology Emergency?

JS Business Solutions Blog

PINs Distributed By Equifax Increases Risk

PINs Distributed By Equifax Increases Risk

By now, you’ve heard all about the Equifax data breach, which exposed sensitive information of 143 million individuals. To keep this from leading to identity theft and other challenges for these users, many professionals are encouraging them to freeze their credit lines. To do so, a PIN is required, which is something that a hacker can easily take advantage of.

Personal identification numbers fulfill many of the same roles as passwords do. They are designed to help the user protect important or sensitive information from prying eyes. These access control credentials generally follow the same guidelines. They need to be complex and secure so that hackers can’t get lucky and guess what they are. Specifically, they require upper and lower-case letters, numbers, symbols, and a random order.

You might think you’re armed with enough knowledge to protect yourself from this data breach, but you’re wrong. Or, rather… you were.

In the wake of the Equifax breach, the company allowed users to generate a PIN so that their credit lines could be frozen. Unfortunately, the method used only placed them at greater risk. The reason for this is that the Equifax PINs generated were ten digits long, and were based on the date that the credit line was frozen, as well as the specific time. The variables appeared in the PINs in this format: DdMmYyHhMm. You might think that ten digits is plenty to create a random string, but it’s not.

Remember what we said about a PIN needing to remain random? Well, a PIN based on the specific date and time of a credit freeze is anything but random. This creates a significantly smaller number of possible combinations for the PIN. Think about it--there are only 24 hours in a day, which means that the hour portion of the PIN has to be somewhere in that range. The same can be said for any other characters in the PIN. When you break it down to the number of reasonable hours in a day, you’re left with only a handful of possible values for that string of characters.

All of this could have been prevented if Equifax had just made the passcode a ten-digit randomized string of characters right from the get-go. Instead, they waited until September 11th, 2017, to make that happen. Hopefully the changes that have been made will allow people to rest a little easier about the data breach--one that shouldn’t have happened in the first place, mind you.

What do you think about this method of generating PINs? Are you sure that the credentials you use for your organization and your personal information are secure? To learn more about how you can protect yourself from identity theft and hackers in general, reach out to us at (781) 715-1900.

How Are We Still Unsure of What Makes a Data Breac...
We Examine What We Know About the New iPhone Model...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Tuesday, October 16 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Latest Blog

“Half the time men think they are talking business, they are wasting time.” - E.W. HoweDo you know how much time is wasted in your business? Despite the appearance your employees may have of busy productivity, a study from the Harvard Busin...

Latest News & Events

JS Business Solutions is proud to announce the launch of our new website at The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our ser...

Contact Us

Learn more about what JS Business Solutions can do for your business.

Call Us Today
Call us today
(781) 715-1900

10 South Main Street
Suite 202-204

Attleboro, Massachusetts 02703