Change your Ebay Password NOW!

Post by **FlyingPenguin** » Thu May 22, 2014 12:55 pm

Even though Ebay says Paypal was unaffected, I'd change your Paypal password too.

http://arstechnica.com/security/2014/05 ... base-hack/

darcy · Post by **darcy** » Thu May 22, 2014 1:02 pm

I saw that yesterday but didn't have time to post { sorry,,, }; but i let hubby know 'cause he uses that quite a bit,,

Post by **FlyingPenguin** » Thu May 22, 2014 1:10 pm

Just wrote them a nasty email. They don't allow you to copy and paste a password into the change password dialog. That's really annoying for security conscious people like me. I generate a long (18+ digit) random password at GRC.com and copy and paste it into my encypted password file, and then paste it into the web page when logging in.

NOT fun typing in a random 18+ digit password by hand TWICE.

As an IT tech I can't see any rational reason for preventing copy & pasting. If they're worried about stopping some sort of automated attack, it's not hard for a hacker to just use a macro app that emulates keyboard inputs.

darcy · Post by **darcy** » Thu May 22, 2014 1:26 pm

I don't blame you; and you would know things better than most,,!

DaMaN · Post by **DaMaN** » Fri May 23, 2014 9:53 am

eBay should issue a SecureID fob for users.

eGoCeNTRoNiX · Post by **eGoCeNTRoNiX** » Fri May 23, 2014 10:00 am

I think they did that at one time.. Or maybe that was PayPal.. But that was 10-15 years ago.. lol

Post by **FlyingPenguin** » Fri May 23, 2014 4:39 pm

eBay should issue a SecureID fob for users.

They do (it works on both Ebay and Paypal) and they still have it. I have the older "football" security key. The newer one is credit card size, and they can also text you a code to your cell phone if you prefer.

https://www.paypal.com/us/cgi-bin?cmd=x ... ide&bn_r=o

Executioner · Post by **Executioner** » Fri May 23, 2014 4:49 pm

Yeah I still have mine I got years ago. Like FP, mine is also a "football".

Nuby1Canuby · Post by **Nuby1Canuby** » Fri May 23, 2014 6:53 pm

I was pulling out my hair trying to get my 50 character password to work on my new router last year.

FlyingPenguin wrote:Just wrote them a nasty email. They don't allow you to copy and paste a password into the change password dialog. That's really annoying for security conscious people like me. I generate a long (18+ digit) random password at GRC.com and copy and paste it into my encypted password file, and then paste it into the web page when logging in.

NOT fun typing in a random 18+ digit password by hand TWICE.

As an IT tech I can't see any rational reason for preventing copy & pasting. If they're worried about stopping some sort of automated attack, it's not hard for a hacker to just use a macro app that emulates keyboard inputs.