eBay Users: Change Your Passwords

[exfileme]

eBay has been hacked.

eBay Users: Change Your Passwords : Read more

 

[lpedraja2002]

I'm getting kind of sick of these news. I guess its finally time to embrace randomly generated passwords. I will have to get something to sync them with my smartphones and laptop though.

 

[Xivilain]

I wonder if this effects PayPal too. Since your account can be directly linked with PayPal accounts, to streamline the purchase process.

I can rest assure though, my account is safe with Two-step authentication.

You can activate that for eBay here:
http://pages.ebay.com/securitycenter/OnlineSafetyTips.html#two-factor

And here, for Paypal:
https://www.paypal.com/us/cgi-bin?cmd=xpt/Marketing_CommandDriven/securitycenter/PayPalSecurityKey-outside&bn_r=o

 

[mrmez]

...I guess its finally time to embrace randomly generated passwords. I will have to get something to sync them with my smartphones and laptop though.

You could have a 64 character password, but if the server gets hacked, you're done.
A complex password only prevents people from 'guessing' it.

 

[ianj14]

Apparently the eBay and Paypal sites only accept passwords up to 20 characters in length, so 64 is out for them.

I use a password manager with local passcard files, so no online server store for them and it allows creation of 'randomly' generated number/letter/symbol combinations. I would say that two factor authentication is the only way to be sure that even if a password is known the account won't get hacked, as long as the second factor is reliable (a phone number or mobile number that can't be somehow intercepted in any way).

 

[mrmez]

Kinda missed the point.
It doesn't matter how long or strong your password is, if the server gets hacked everything should be considered compromised.

I'm not sure how a password manager works, but I'd assume at the end of it, your password and details still need to be stored on a server somewhere.
After all, how can the server know you have the right password if it doesn't have it to begin with?

OSX / iCloud has a password manager that stores all my passwords and shares them across devices, but I can still log on to anything from any device.

 

[Floflo81]

One good but not too difficult-to-use solution for more secure passwords is to use a browser plugin like "Password Hasher". When you have to input a password, it asks for a "master" password, which is then used to generate (through a one-way hashing algorithm) a different password for each website (based on the website name).

You only need to remember the master password, and the plugin does the rest. If one of the websites is compromised, and your password for this site is leaked, nobody can use it to log in on another website. And you can generate a second, different, password for the same site with the same master password (using the "Bump" button).

Try "Password Hasher" for Firefox, "Password Hasher Plus" for Chrome and "Hash It!" for Android (they're all compatible as in they generate the same unique passwords for the same input).

 

[jerrspud]

So what are the real odds the encrypted passwords can be deciphered?

 

[masteroftheuniverse]

It has to have the key on the server to read anything encrypted, if it is just comparing HASHES that is a completely different thing.

 

[littleleo]

Nice to know it happened 3 months ago.