eBay Users: Change Your Passwords

Status
Not open for further replies.

lpedraja2002

Distinguished
Dec 8, 2007
620
0
18,990
4
I'm getting kind of sick of these news. I guess its finally time to embrace randomly generated passwords. I will have to get something to sync them with my smartphones and laptop though.
 

Xivilain

Reputable
Apr 16, 2014
269
0
4,960
65

mrmez

Splendid
...I guess its finally time to embrace randomly generated passwords. I will have to get something to sync them with my smartphones and laptop though.
You could have a 64 character password, but if the server gets hacked, you're done.
A complex password only prevents people from 'guessing' it.

 

ianj14

Distinguished
May 21, 2011
64
0
18,640
1
Apparently the eBay and Paypal sites only accept passwords up to 20 characters in length, so 64 is out for them.

I use a password manager with local passcard files, so no online server store for them and it allows creation of 'randomly' generated number/letter/symbol combinations. I would say that two factor authentication is the only way to be sure that even if a password is known the account won't get hacked, as long as the second factor is reliable (a phone number or mobile number that can't be somehow intercepted in any way).
 

mrmez

Splendid
Kinda missed the point.
It doesn't matter how long or strong your password is, if the server gets hacked everything should be considered compromised.

I'm not sure how a password manager works, but I'd assume at the end of it, your password and details still need to be stored on a server somewhere.
After all, how can the server know you have the right password if it doesn't have it to begin with?

OSX / iCloud has a password manager that stores all my passwords and shares them across devices, but I can still log on to anything from any device.
 

Floflo81

Honorable
Oct 16, 2013
5
0
10,510
0
One good but not too difficult-to-use solution for more secure passwords is to use a browser plugin like "Password Hasher". When you have to input a password, it asks for a "master" password, which is then used to generate (through a one-way hashing algorithm) a different password for each website (based on the website name).

You only need to remember the master password, and the plugin does the rest. If one of the websites is compromised, and your password for this site is leaked, nobody can use it to log in on another website. And you can generate a second, different, password for the same site with the same master password (using the "Bump" button).

Try "Password Hasher" for Firefox, "Password Hasher Plus" for Chrome and "Hash It!" for Android (they're all compatible as in they generate the same unique passwords for the same input).
 
Status
Not open for further replies.

ASK THE COMMUNITY