Ebay urges users to change passwords
- Thread starter DemonNite
- Start date
- Status
Razgriz-Specter
Member
Thanks.
chickdigger802
Banned
haven't used ebay in a while, where do i even change password? Don't see it in Account
it's under personal info
Delusibeta
Banned
Thankfully, I had LastPassed my eBay password so this is a fairly minor concern, but it's still annoying.
chickdigger802
Banned
gonna be fun the day paypal is hacked.
Sir_Crocodile
Member
They also got names, email addresses, physical addresses, phone numbers and date of birth.
You'd think ebay would be at the cutting edge of secure databases given their paypal business.
You'd think ebay would be at the cutting edge of secure databases given their paypal business.
TheAbsolution
Member
Thanks LastPass!
terrisus
Member
And say hello to qVz!7PzlMAKx9#k49Y$^1
Bafflingly stupid policy. At least it's not 8(!), which I've seen before
Yeah I hate those sites. It hurts my lastpass security ranking.
sixteen-bit
Member
Thanks for the heads up OP
Jag
Member
I agree. They also don't post this on their homepage or even make it easy to change your PW. Such bullshit.
Red Liquorice
Member
Done, thank you for the headsup.
There's nothing about this on their front page, which is worrying - they should be doing all they can to get the word out to customers.
There's nothing about this on their front page, which is worrying - they should be doing all they can to get the word out to customers.
terrisus
Member
Fortinbras
Member
BBC said:
That is just great.
thefunkyman
Banned
I was using that too.
Tarkus
Member
Me either. Thanks DemonNite! Are you an eBay insider too?
nabe_shogun
Member
Neither did I. But whatever I changed it anyway. Probably a good idea since my old password was only 2 characters.
Kabuki Quantum Lover
Member
I saw this pop up on my RSS and changed it immediately (I don't think I've even gone through all of my Heartbleed-affected sites). My Dreamcast bidding will not be interrupted.
Agreed, but at least with password managers it's not as much of a hassle as it woulda' been.
I know there are dozens of accounts that I rarely use that are going to be ever-more likely to be compromised as I never remember to change the passwords for them though.
The Real Abed
Perma-Junior
Definitely going to change mine. After ArsTechnica and Twitch both lost mine following that security breach a few months ago (Causing me to have to make a new Ars account, and I guess new Twitch account if I ever feel like using the site much again.) I won't lose another.
Thankfully the credit card on my eBay account is out of date anyway and expired so anyone who would break in wouldn't be able to use it. But changing it anyway.
(I use 1Password for management myself. Which is why I was pissed when Ars wouldn't let me log in with the password I knew for a fact was correct, nor would the site email me a link to reset it, nor would support get back to me about the problem.)
Thankfully the credit card on my eBay account is out of date anyway and expired so anyone who would break in wouldn't be able to use it. But changing it anyway.
(I use 1Password for management myself. Which is why I was pissed when Ars wouldn't let me log in with the password I knew for a fact was correct, nor would the site email me a link to reset it, nor would support get back to me about the problem.)
expired cards can be easily used. then again, it doesn't really matter (in the us)
Vanillalite
Ask me about the GAF Notebook
Changed my pw. Good deal!
FunkyPajamas
Member
http://arstechnica.com/business/201...ecure-than-passwords-because-of-poor-choices/
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
Efficient password cracking is based largely on understanding patterns in human behavior. My password is random, not a human-influenced substitution
Dog Problems
Banned
Thanks for the notice, OP.
I'm surprised ebay didn't have a backdoor in their system to PayPal. Heck, we might hear about it in a few months due to the usual delays with these announcements.
Netherscourge
Banned
Oh, great...
EBAY?
I can't wait to see what happens when Amazon, PayPal and Apple/Google accounts get hacked.
Bye bye identity, credit ratings and bank accounts
EBAY?
I can't wait to see what happens when Amazon, PayPal and Apple/Google accounts get hacked.
Bye bye identity, credit ratings and bank accounts
Stumpokapow
listen to the mad man
You're quoting this, but you don't seem to understand what it means--by far the worst thing you can do for password security is to read a comic and then without understanding it, echo it mindlessly.
First, eBay's password length limit prohibits you from effectively using a dictionary combination strategy. For four words you have a total of 17 characters of space to write them. If you want exactly four words, you're choosing from three four letter words and a five letter word, or two five letter words, a four letter word, and a three letter word. So you won't be able to hit the 44-bits of entropy Randall is suggesting unless you have a Scrabble-guru like vocabulary and choose from your full vocabulary, rather than common words. If we assume that you are choosing from a bank of say 1500 common words and limited by that word length limit, you're down to a maximum of 35 bits of entropy at most, assuming fully random selection, which most people likely do not do.
Second, people who use lengthy random passwords (as opposed to moderately altered dictionary words) use password managers, so they don't need to or want to remember their passwords. Anyone can use a password manager, it takes essentially no time and doesn't need to cost anything, so at this juncture, the idea of coming up with a password manually is itself very poor advice. Randall notes that the four-word password has 44 bits of entropy, as though that's some great achievement. The password you quoted that sangreal posted has around 121 bits of entropy. So you're telling him to reduce the complexity of his password by MANY orders of magnitude. Great advice.
- Status
Similar threads
- Locked