Equifax Freeze PINs Aren’t As Secure As They Could Be

The Equifax data breach has been a considerable issue for countless individuals, exposing sensitive information that could lead to identity theft and so much more. In response to this breach, some experts are recommending that consumers go as far as freezing their credit lines because of the potential for breaches. Well, it all comes down to a PIN--something that can be easily guessed by a hacker under the right circumstances.

Personal identification numbers--contrary to popular belief--are the exact same thing as passwords. They are codes designed to keep someone from accessing sensitive information. However, access control devices like this need to follow the same guidelines, regardless of what they are called. They need to be complex and secure so as to keep hackers from guessing them. You should include both upper and lower-case letters, numbers, and symbols, and include them in a seemingly random order.

You’re probably thinking, “Great. Now I know enough to make my Equifax PIN as strong as possible.” Except… that’s not how this works.

Due to the way that Equifax generates your PIN, your credit lines could be placed at risk. The PINs used by Equifax are ten digits long, stemming from the date that the credit line was frozen, as well as the specific time which it was frozen. The order of these variables is the following: DdMmYyHhMm. This significantly cuts down on the amount of possible combinations available for a PIN. Furthermore, there are only a certain number of reasonable times within a day where you could apply for a credit line freeze, further limiting the amount of potential variables including the access code.

If Equifax had kept it a simple ten-digit randomized string of numbers, this wouldn’t be an issue. But that’s just not how the cookie crumbled.

As of September 11th, 2017, Equifax has addressed that this PIN generation process needs to be changed. Hopefully, the change will be enough to secure people’s sensitive information properly.

What are your thoughts about this development? Are you certain that your passwords and PINs are secure enough to protect your organization (and your identity) from being compromised? For assistance securing your personal and organizational information, reach out to Ferrum Technology Services at (847) 697-3282.