Equifax Lawsuit Exposes Need for Multi-Factor Authentication Methods

October 29, 2019

If your organization is not now using multi-factor authentication methods for log-in to its systems, then I am afraid it is doing it wrong. Stronger means of identity management for system access are no longer a ‘nice-to-have’; they are a must-have. Without them, your organization could be on the receiving end of a major system hack and a substantial fine.

Equifax lawsuit exposes poor practice

The recent publication of the lawsuit against Equifax in 2017 has shown how poor authentication methods played a major role in the giant security breach which harvested the personal data of some 148 million people in the US alone. As a result of the hack, Equifax has faced fines of up to $700 million in the US, and that figure will get much higher when the fines imposed from other parts of the world are added.

The lawsuit filed in 2017 in the Northern District Court of Georgia has shown some of the poor cyber security practices that were taking place within Equifax. The passwords used within the company were particularly weak in some cases. Equifax employees would often use four-digit PINs based on their social security numbers or birthdays, which gave sensitive information inadequate protection.

The worst offending example was the password used to control admin access to one particular portal that hosted a wealth of customer information. The lawsuit said:

“Equifax employed the username ‘admin’ and the password ‘admin’ to protect a portal used to manage credit disputes. This portal contained a vast trove of personal information.”

Way below standard

The lawsuit quite rightly describes these authentication methods as falling way short of expected data security standards. Passwords are not a strong authentication method when they are used alone, but they are even worse when implemented in such a laissez-faire way. These passwords were not complicated, unique or anywhere near hard enough to hack.

Organizations really need to start moving beyond using passwords in isolation. Here at Global Data Sentinel, we let organizations implement secure multi-factor authentication that controls access to their systems and data on a file-by-file basis. We combine strong passwords with a biometric fingerprint to create a convenient but vastly more secure system. Find out more here.