Old 09-12-2017, 09:32 AM   #161
Thinks s/he gets paid by the post
 
Join Date: Sep 2012
Location: Seattle
Posts: 2,901
The equifax pin is a joke. It is just the month/day/year you freeze your credit plus the time in hours and minutes.

So if you were to post you froze your credit today, I know a large portion of your pin already.

09122017

If you really said I just locked my credit a minute ago, I would then know your pin is something like 0912201710xx

It is no wonder they got hacked.
__________________
Fermion is offline   Reply With Quote
Old 09-12-2017, 09:37 AM   #162
Thinks s/he gets paid by the post
 
Join Date: May 2008
Posts: 3,348
I don't know what law allowed these bureaus to collect personal data in the first place.

Maybe in the fine print when we apply for loans, open cell phone accounts, they get to send our data to the bureaus.

Clearly the bureaus have no laws governing them to protect that data. It sounds like Equifax took short cuts in IT and data security measures.

Now Equifax may get sued out of existence. Lawyers make money and consumers are still vulnerable.

My understanding is that in the U.K. and perhaps in other countries, private companies are not allowed to use govt-issued IDs or papers of any kind like the banks do with SSNs, which were created in the 1930s with no conception of an online world rife with cyber crime.

Maybe the Congress should be looking at a new ID system, which would be more modern and secure. Perhaps a system which would generate tokens or one-time use numbers that companies wouldn't store (or if they did it wouldn't do them any good as the numbers would no longer be valid).

But maybe the identity theft problem isn't big enough yet for people to demand changes. So the thieves know credit card numbers and have the data to apply for new cards under your name. But the banks issuing the credit cards shield you from liability for fraudulent transactions.
__________________
explanade is offline   Reply With Quote
Old 09-12-2017, 09:45 AM   #163
Thinks s/he gets paid by the post
 
Join Date: Jul 2014
Location: Chicago
Posts: 4,564
Equifax generally spends about $500,000 -> $1M per year lobbying (bribing?) Congress to WEAKEN the laws around storing/notifying you about your information being hacked/lost/mis-used etc....

Equifax lobbied for more lax regulations ahead of massive data breach - MarketWatch

They want the freedom to be careless.
__________________
Sunset is offline   Reply With Quote
Old 09-12-2017, 10:10 AM   #164
Recycles dryer sheets
 
Join Date: Sep 2005
Posts: 58
https://www.transunion.com/corporate...ityFreeze.page

Does not give me much confidence when TransUnion can't even spell "Security" properly...
__________________
"The surest sign that there is intelligent life out there is that they haven't tried to contact us yet." Calvin & Hobbes
Wheel is offline   Reply With Quote
Old 09-12-2017, 10:13 AM   #165
Thinks s/he gets paid by the post
 
Join Date: Mar 2017
Location: New York City
Posts: 2,838
Quote:
Originally Posted by Fermion View Post
The equifax pin is a joke. It is just the month/day/year you freeze your credit plus the time in hours and minutes.

So if you were to post you froze your credit today, I know a large portion of your pin already.

09122017

If you really said I just locked my credit a minute ago, I would then know your pin is something like 0912201710xx

It is no wonder they got hacked.
Wow, +1
__________________
Withdrawal Rate currently zero, Pension 137 % of our spending, Wasted 5 years of my prime working extra for a safe withdrawal rate. I can live like a King for a year, or a Prince for the rest of my life. I will stay on topic, I will stay on topic, I will stay on topic
Blue Collar Guy is offline   Reply With Quote
Old 09-12-2017, 10:15 AM   #166
Thinks s/he gets paid by the post
 
Join Date: Feb 2007
Posts: 1,736
Dirk Cotton writes a retirement blog. Here is his comprehensive article on freezing your credit. He suggests 4 bureaus. See the article dated September 11.
The Retirement Café
__________________
Only got A dimple, would have preferred 2!
Gotadimple is offline   Reply With Quote
Old 09-12-2017, 10:29 AM   #167
Thinks s/he gets paid by the post
 
Join Date: Nov 2011
Posts: 2,313
Understandably, freezing requires you provide a bunch of personal information, some of which the freezing agency may not already have. That means you are giving out still more personal information that can be stolen.

It's difficult to know the best security approach because the amount of risk is unknown. For example, if a person does not freeze, is there an 80% chance that person will lose, oh, $10,000 during the next 10 years? Or is that risk 99%? Or 1%? I have no idea. How much does that risk change by freezing? Might freezing actually increase the risk because the process exposes more private information? Additionally, unfreeze PINs can be hacked and stolen just like any other data.
__________________
GrayHare is offline   Reply With Quote
Old 09-12-2017, 10:31 AM   #168
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,235
Quote:
Originally Posted by Fermion View Post
The equifax pin is a joke. It is just the month/day/year you freeze your credit plus the time in hours and minutes.

So if you were to post you froze your credit today, I know a large portion of your pin already.

09122017

If you really said I just locked my credit a minute ago, I would then know your pin is something like 0912201710xx

It is no wonder they got hacked.
Good grief! I checked and it's true.

You can't make this stuff up!!
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 09-12-2017, 10:35 AM   #169
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Jun 2008
Posts: 7,826
In that case, I'm announcing that I froze my credit with Equifax at the turn of the century. That's the turn from 18th to 19th century.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-12-2017, 10:47 AM   #170
Thinks s/he gets paid by the post
 
Join Date: Nov 2011
Posts: 2,313
A breach on the scale of the Equifax one was far less likely around 1990 in large part because the companies were not connected to the Internet. The credit system still functioned then, though perhaps a bit more slowly. For security it might be time to return to that approach. No customer data online.
__________________
GrayHare is offline   Reply With Quote
Old 09-12-2017, 10:47 AM   #171
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Peru
Posts: 4,616
Hmmmm... square one. The security starts with the credit card company.

Is there any earthly reason why they should not be responsible for any loss, rather than the customer?

This Mother Jones short article makes sense to me. Even the current legislation pending for the CFPB keeps open the benefits to the companies.

Here’s Why I Hate Credit Reporting Agencies — And Why You Should Too – Mother Jones

Most here are too young to remember the time when credit cards didn't exist. I was working as a manager for Sears Roebuck at the time... 1959, in a Catalog Store in Chelsea Mass. As with all other stores, the accounts were held on ledger cards, in files in each store. The Credit manager and store manager in each store were responsible for the decision to offer credit, and credit limits were based on the type of merchandise the customer was buying... i.e. a washer or a refrigerator had a higher limit than clothing, since they could be repossessed. Where credit was questionable, it was incumbent on the person seeking the credit to offer references... banks, car dealers, other local merchants, who we mutually shared credit experience with. An interactive relatively local system that was more common at the time.

While BankAmericard test marketed what we now know as credit cards in 1958, the Sears Revolving Charge (much later to become Discover) was introduced nationally in late 1959, and was the first widely used credit card at that time. In effect the broad based "time payment" "ledger" accounts that were held in thousands of Sears stores across the country, provided the "ratings" basis for issuing the SRC accounts.

I recall vividly the panic of my own credit manager at the time, as she thought her years of service would be lost when her job was eliminated (which it wasn't), and she would not receive her highly valued Sears Profit Sharing plan.

(sigh) how did I get to this?
__________________
imoldernu is offline   Reply With Quote
Old 09-12-2017, 10:59 AM   #172
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,235
Ugh, it's worse than we thought....

Using Time and Date limits the numbers that each position of the Pin can hold, thus reducing the total combinations possible.

Worse, computer systems love to date and time various transactions. So, if there is a date-time stamp created when your pin was created.... Not so good.

https://nakedsecurity.sophos.com/201...files-at-risk/

Quote:
Because of the way the PIN-generating algorithm works, any timestamped logs of your activity on the Equifax systems that are related to your freeze (computers tend to generate a lot of timestamped logs) are effectively improperly secured copies of your PIN.
In other words, any PIN that’s generated like this just isn’t a PIN.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
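
The point made in posts #161 and #172, worked through as an added example (not part of any post in the thread): it counts how few candidates a timestamp-derived PIN leaves once the freeze date is known, checks whether a PIN is reproduced by a timestamped log entry, and contrasts both with a PIN drawn from a CSPRNG. Assumptions: the 12-digit MMDDYYYYHHMM layout is taken from the "0912201710xx" example above; the function names, sample times and log entry are constructed, and `random_pin` is one way to generate a random PIN, not Equifax's implementation.

```python
import math
import secrets
from datetime import datetime

PIN_FORMAT = "%m%d%Y%H%M"  # MMDDYYYYHHMM, the layout described in post #161

def timestamp_pin(moment):
    """PIN derived from the freeze time, as the posts describe it."""
    return moment.strftime(PIN_FORMAT)

def keyspace_minutes(earliest, latest):
    """Count of distinct timestamp PINs in a window: one per minute."""
    return int((latest - earliest).total_seconds() // 60) + 1

def is_timestamp_shaped(pin, earliest, latest):
    """Audit check: does this PIN parse as a real minute inside the window?"""
    if len(pin) != 12 or not pin.isdigit():
        return False
    try:
        moment = datetime.strptime(pin, PIN_FORMAT)
    except ValueError:          # e.g. month 13 or hour 25
        return False
    return earliest <= moment <= latest

def pin_matches_log(pin, log_times):
    """True if any logged timestamp, truncated to the minute, equals the PIN."""
    return any(timestamp_pin(t) == pin for t in log_times)

def random_pin(digits=12):
    """Uniform PIN from the OS CSPRNG; independent of any clock or log."""
    return "".join(secrets.choice("0123456789") for _ in range(digits))

def entropy_bits(candidates):
    """Bits of uncertainty when every candidate is equally likely."""
    return math.log2(candidates)

if __name__ == "__main__":
    day_start = datetime(2017, 9, 12, 0, 0)
    day_end = datetime(2017, 9, 12, 23, 59)
    # Constructed sample: a freeze placed at 10:32 and one log entry for it.
    pin = timestamp_pin(datetime(2017, 9, 12, 10, 32))
    logs = [datetime(2017, 9, 12, 10, 32, 41)]
    day = keyspace_minutes(day_start, day_end)
    print("timestamp PIN:", pin)
    print("candidates if the day is known:", day)
    print("bits, day known: %.1f" % entropy_bits(day))
    print("bits, random 12 digits: %.1f" % entropy_bits(10 ** 12))
    print("PIN reproduced by log entry:", pin_matches_log(pin, logs))
    print("random PIN:", random_pin())
```

`is_timestamp_shaped` can be run over issued PINs as a regression check that a generator no longer emits clock-derived values; a uniformly random PIN will only rarely parse as a minute inside a narrow window.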
Old 09-12-2017, 12:22 PM   #173
Full time employment: Posting here.
 
Join Date: Mar 2013
Location: Western US
Posts: 690
According to the Sept. 11 update -

Quote:
1) Adjusted our PIN Generation for Security Freezes
We understand and appreciate that consumers have questions about how a PIN is currently generated for a consumer initiating an Equifax security freeze solution. All consumers placing a security freeze will be provided a randomly generated PIN.
https://www.equifaxsecurity2017.com/

Also, this (don't know if this means free for thirty days, or for a thirty day window you can freeze at no cost) -
P.S. The tweet - looks like the freeze fee is waived for the next 30 days -

https://twitter.com/Equifax/status/907382924621819906

Quote:
In response to public outrage over its ongoing bungled response, Equifax stated on Twitter that it will waive credit freeze fees for 30 days.
https://techcrunch.com/2017/09/12/wi...t-freeze-fees/
__________________
How's it going to end..............
bjorn2bwild is offline   Reply With Quote
Old 09-12-2017, 12:52 PM   #174
Thinks s/he gets paid by the post
 
Join Date: Jul 2011
Location: The Bay Area
Posts: 1,762
Quote:
Originally Posted by GrayHare View Post
Biometrics are coming, folks, solely because they will make everyone perfectly safe.
Fidelity is already using biometrics with voiceprint identification, in addition to 2-factor ID.

They also offer this guarantee, which is very reassuring.

Fidelity Customer Protection Guarantee
We're proud of the trust you place in Fidelity and want to ensure that you have peace of mind when doing business with us. That's why we offer this guarantee: We will reimburse you for any financial losses that result from unauthorized activity on your accounts.
__________________
You may be whatever you resolve to be.
Huston55 is offline   Reply With Quote
Old 09-12-2017, 09:58 PM   #175
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: May 2004
Posts: 11,613
I'm now over all my previous naive concerns about privacy and intrusiveness. They have beaten me down-- the crooks and the "helpful" IT security people. My cranial RAM has no room for more passwords and I'm fed up with the security hoops. I'm now ready to have the RFID chip inserted in my neck. I welcome it. Peace at last.

Quote:
"I love Big Brother."
- Winston Smith
__________________
"Freedom begins when you tell Mrs. Grundy to go fly a kite." - R. Heinlein
samclem is online now   Reply With Quote
Old 09-13-2017, 12:24 AM   #176
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Apr 2013
Posts: 5,483
Quote:
Originally Posted by samclem View Post
I'm now over all my previous naive concerns about privacy and intrusiveness. They have beaten me down-- the crooks and the "helpful" IT security people. My cranial RAM has no room for more passwords and I'm fed up with the security hoops. I'm now ready to have the RFID chip inserted in my neck. I welcome it. Peace at last.
I luv you too!


One thing that's surprising to me is our focus on someone impersonating us through the application's front end. Most thefts are internal actors. I spent decades in the industry around security and audit and someone acting as me, through the application is my last concern.

I'm much more afraid of a data dump giving someone enough data to perform a wire from the system of record to a foreign bank. Never even logging on to the system of record. Course I'm often wrong.
__________________
MRG is offline   Reply With Quote
Old 09-13-2017, 08:12 AM   #177
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: May 2004
Posts: 11,613
Quote:
Originally Posted by MRG View Post
I luv you too!
Nuthin personal. But when someone thinks they are enhancing security by requiring passwords that are 16 characters, must be changed every 90 days, can't be too similar to any previous one, can't use "keyboard geography" too extensively, etc, etc, screen locks after 2 minutes of no activity, etc. then they just aren't using their heads. I'll bet 10% of the passwords in some of the most "secure" offices in the world can now be found on Post-it notes on the back of the mouse pads or keyboards. Sure, it is against the rules, but these people are just trying to do their jobs.
Maybe this should be in the pet peeve thread. Sorry.
__________________
"Freedom begins when you tell Mrs. Grundy to go fly a kite." - R. Heinlein
samclem is online now   Reply With Quote
Old 09-13-2017, 09:05 AM   #178
Recycles dryer sheets
 
Join Date: Mar 2008
Location: Atlanta Suburb
Posts: 284
Quote:
Originally Posted by samclem View Post
I'm now over all my previous naive concerns about privacy and intrusiveness. They have beaten me down-- the crooks and the "helpful" IT security people. My cranial RAM has no room for more passwords and I'm fed up with the security hoops. I'm now ready to have the RFID chip inserted in my neck. I welcome it. Peace at last.
__________________
"Oh, twice as much ain't twice as good
And can't sustain like one half could
It's wanting more that's gonna send me to my knees" - John Mayer
flintnational is offline   Reply With Quote
Old 09-13-2017, 09:20 AM   #179
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Jun 2008
Posts: 7,826
Upon Further Review ...

Quote:
Originally Posted by easysurfer View Post
Okay, so I click on the EquiFax link to check if my info was compromised. Firefox flags the site as phishing and deceptive. I don't think the site is phishing since in the news. But still...

Checked and got the result of, as Maury Povich says, "I am NOT the father".

In other words, looks like not impacted.
Read where the "check if impacted" message is a bit clearer on their website, so I went ahead and checked again. Looks like I am impacted after all. Folks who thought they were all clear before when the initial news broke might want to check again.

At least now I have a class action lawsuit or two to look forward to.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-13-2017, 09:44 AM   #180
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Apr 2013
Posts: 5,483
Quote:
Originally Posted by samclem View Post
Nuthin personal. But when someone thinks they are enhancing security by requiring passwords that are 16 characters, must be changed every 90 days, can't be too similar to any previous one, can't use "keyboard geography" too extensively, etc, etc, screen locks after 2 minutes of no activity, etc. then they just aren't using their heads. I'll bet 10% of the passwords in some of the most "secure" offices in the world can now be found on Post-it notes on the back of the mouse pads or keyboards. Sure, it is against the rules, but these people are just trying to do their jobs.
Maybe this should be in the pet peeve thread. Sorry.
We're actually saying the same things! Sorry for the confusion. My last 5 years I had all the silly password rules and a 6 digit RSA pin that expired every 30 seconds.
__________________
MRG is offline   Reply With Quote
All times are GMT -6. The time now is 07:50 AM.
 