Hacker News new | past | comments | ask | show | jobs | submit login

Same experience here (also CA), and I was able to freeze all of them online.

It's mildly interesting how different the experience was across the three. Experian gave me the choice between choosing a PIN and getting a generated one, Equifax just gave me a PIN, and for TransUnion I had to choose the PIN (shorter than for the other reports) myself.




How do you freeze them online?


Come on, that's really not hard to find out for yourself. But here are the links anyway:

https://www.freeze.equifax.com/ https://freeze.transunion.com/ https://www.experian.com/freeze/center.html


ugh. even their 10 digit code they provide to unfreeze someone isn't very secure. It's simply todays date plus a 4 digit pin that moves up in the order that someone signs up. For example: 090817xxx1, 090817xxx2. So my wife and I are simply two numbers apart.


Jesus. I think you can provide your own. But yeah, when the user-facing bits are this bad, you know it's nothing but garbage below. I can't believe these companies have so much power.


It worse. It's not even a 4 digit PIN. It's the time in 24-hour format HHMM: https://news.ycombinator.com/item?id=15205579

You and your wife just did it 1 minute apart...


I can't even imagine how something like that can be implemented. Even if you put the most junior developer on this, something so serious should have been reviewed by someone. At least do a quick search on stack overflow or something.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: