eBay wants to eliminate the need for users to have passwords, though it’s not the first time eBay has laid out ambitious plans when it comes to managing user identities.
Ashok Balasubramanian wrote in a blog post last week that eBay Identity has taken on the goal of “killing passwords for eBay users once (and) for all,” while acknowledging it’s an ambitious and “not trivial” task.
eBay’s First Attempt: 2011
In 2011, eBay and its PayPal unit (at the time) had set out to create an ambitious global shopper identity system in which shoppers could sign in to websites with their “Commerce Identity” tied to PayPal. The identity system would include shopping profiles so retailers could show shoppers targeted offers.
The system was being developed under a unified developers program called X.commerce headed by Neal Sample for all eBay Inc. properties, including PayPal, Magento, eBay, GSI Commerce, Where and Milo.
X.commerce and its Commerce Identity project fizzled out, and Sample left the company the following year.
This time around, the much smaller (post-breakup) eBay is counting on social networking sites to help. Balasubramanian wrote, “Social sign up is the next big step in the on-boarding experience charter. Social sign up focuses on delegating authentication to social websites.”
eBay’s Current Attempt: 2018
In his blog post, Balasubramanian didn’t say when the company took on the task but noted that a challenge was eBay’s legacy on-boarding service built in 2005. “We were crawling when we were supposed to fly,” he wrote. “So, we took up the task of creating a new user on-boarding service, using latest coding standards, that can facilitate seamless on-boarding of customers to eBay.
“We recently launched the new on-boarding service live to the customers.”
He went on to describe the technical aspects of the system, noting that, “At eBay Identity, we embed security and risk detection at every phase of user state management.” (eBay understands the importance of security all too well, having had its databases breached in 2014.)
Interestingly, Balasubramanian noted that eBay runs “device profiling” as part of on-boarding, which he said was one of the key signals to the risk system in detecting and preventing ATO (Account Take Over) for the user – ATOs are a concern for sellers on all online marketplaces.
Another area he called out in his post: verification, which includes IP address and useragent of the browser. eBay determines the risk level of users trying to onboard with eBay, and “all HIGH risk users will be either blocked or challenged with email, phone, and or credit card verification to confirm their identity. The user will be on-boarded only when this verification step is complete.”
Some of the milestones he mentioned on eBay’s journey to become password free were the following:
– eBay launched Google Sign-In for Android last year.
– eBay open sourced “Universal Authentication Framework (UAF),” a component mainly focused on password-free authentication working with FIDO Alliance.
– eBay enabled Touch ID and Face ID on devices that supported them as soon as they were launched.
You can read the post on the eBay corporate blog.