Change your eBay passwords

[TheFatBaron]

I haven't seen it mentioned here, but I know a lot of people here shop on eBay. There was a security breach that was just announced, which involved passwords (and some personal info) being stolen. 

 

 

The passwords are encrypted (and seemingly well-encrypted, since they haven't shown up for sale anywhere), but there is always a chance that they could be cracked, particularly if you have a crappy password. Log into eBay, change your password, and then change your password on any other site that shared the password. Note that eBay is getting hammered right now, and it may take a couple tries. 

 

What's a good password? A random mix of numbers, letters, and symbols that is not used elsewhere. The longer the better. Consider using a password manager like OnePassword/LastPass/KeePass that can generate good passwords for you.

 

[TerryMcK]

good advice. Keepass is the one I use.

[Beechwood Chip]

For people who are good typists, it can be easier to use a long pass phrase than a short gobbledegook password.  For example,

"I was born at Mt Sinai Hospital in the early morning" can be easier to enter and just as secure as "u<S(#e0Hhg".

 

Good advice about the password manager, and if you have a smartphone or tablet, two-factor is really the solution.  That way stealing your password is useless unless they also physically steal your phone.

[Tpt life]

Please explain two-factor.

[TheFatBaron]

Please explain two-factor.

 

Essentially, it means that you require a piece of information OTHER than a password to log in. Normally it's a piece of information that's seemingly random and time-sensitive, meaning it's only valid for a short period of time. It is not, say, requiring you to put in your birthday, or a phone number, or other piece of info that doesn't change.

 

For example, when I log into Gmail, after putting in my user name and password, I also have to go to my phone, open up a special app, and get a short code that is generated. I can't actually log into Google without that code. So, even if someone were to get my Gmail password, they'd also have to have stolen my phone and be able to unlock it. The code generated is unique to that phone and that particular copy of the app, so it's very hard to actually gain access.

[Tpt life]

Makes sense. How is this set up? Is this in the settings of your Google account or is this a service provided by your password manager?

[TheFatBaron]

It's provided by the Google Authenticator app. Check your google account settings. There will be info there. Some non-google services (like Dropbox) also use this, and some other services (like Yahoo Mail) offer their own services.

[G S Haydon]

Did it it as soon as I heard. Seemed a big delay between them knowing and then coming clean......

[TheFatBaron]

Perhaps. The intrusion was months ago, but the question is when did they find out? Think about this this way: someone finds a spare key to your house, opens the door, and steals a fork or two. They don't trash anything - they just take a couple forks and walk away. You come home from work and are none the wiser until you have your inlaws over for dinner a month later realize you don't have enough forks for everyone and wonder, "what happened to my forks?"

[MTMan]

Ya. Need to put in three post replies to use other parts of the site.