Your IT Support Experts

We partner with many types of businesses in the area, and strive to eliminate IT issues before they cause expensive downtime, so you can continue to drive your business forward. Our dedicated staff loves seeing our clients succeed. Your success is our success, and as you grow, we grow.

Home

About Us

IT Services

Understanding IT

News

Blog

Contact Us

Support

(703) 621-3900

Free Consultation

Interested in seeing what we can do for your business? Contact us to see how we can help you! Sign Up Today

Ciracom Blog

PINs Distributed By Equifax Increases Risk

PINs Distributed By Equifax Increases Risk

By now, you’ve heard all about the Equifax data breach, which exposed sensitive information of 143 million individuals. To keep this from leading to identity theft and other challenges for these users, many professionals are encouraging them to freeze their credit lines. To do so, a PIN is required, which is something that a hacker can easily take advantage of.

Personal identification numbers fulfill many of the same roles as passwords do. They are designed to help the user protect important or sensitive information from prying eyes. These access control credentials generally follow the same guidelines. They need to be complex and secure so that hackers can’t get lucky and guess what they are. Specifically, they require upper and lower-case letters, numbers, symbols, and a random order.

You might think you’re armed with enough knowledge to protect yourself from this data breach, but you’re wrong. Or, rather… you were.

In the wake of the Equifax breach, the company allowed users to generate a PIN so that their credit lines could be frozen. Unfortunately, the method used only placed them at greater risk. The reason for this is that the Equifax PINs generated were ten digits long, and were based on the date that the credit line was frozen, as well as the specific time. The variables appeared in the PINs in this format: DdMmYyHhMm. You might think that ten digits is plenty to create a random string, but it’s not.

Remember what we said about a PIN needing to remain random? Well, a PIN based on the specific date and time of a credit freeze is anything but random. This creates a significantly smaller number of possible combinations for the PIN. Think about it--there are only 24 hours in a day, which means that the hour portion of the PIN has to be somewhere in that range. The same can be said for any other characters in the PIN. When you break it down to the number of reasonable hours in a day, you’re left with only a handful of possible values for that string of characters.

All of this could have been prevented if Equifax had just made the passcode a ten-digit randomized string of characters right from the get-go. Instead, they waited until September 11th, 2017, to make that happen. Hopefully the changes that have been made will allow people to rest a little easier about the data breach--one that shouldn’t have happened in the first place, mind you.

What do you think about this method of generating PINs? Are you sure that the credentials you use for your organization and your personal information are secure? To learn more about how you can protect yourself from identity theft and hackers in general, reach out to us at (703) 621-3900.

Tip of the Week: 7 Useful Google Chrome Extensions
We Examine What We Know About the New iPhone Model...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, July 03, 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://ciracom.com/

Customer Login

Contact Us

Learn more about what Ciracom can do for your business.

(703) 621-3900

Ciracom
300 North Washington Street Suite 300
Alexandria, Virginia 22314