[SubZero]

What could be a possible solution to the PIN reset? Security practices say that we can authenticate across 3 ways; something you are, something you have, and something you know. Its obvious to me that the something you know is also known by hackers, and I don't think biometrics are going to be overly popular after this. Does Experian send out a hardware token to all users that request a security freeze?

[ivmi]

A mailed letter would work. Plenty of other orgs do that as the only way to communicate your PIN to you.

[jonnytran]

It's interesting that this isn't one of the three traditional ways to authenticate, but it's obviously effective to some degree. Maybe it suggests a new mode of authenticating: some place where you are.