AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

AuctionBytes Blog The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Thu Mar 23 2017 10:59:34

Security Guru Looks Askance at eBay's Latest Move

By: Ina Steiner

Sponsored Link

eBay and PayPal made a big deal of their key fobs designed to make users' accounts more secure. Now security guru Brian Krebs reports that eBay is backing away from the practice.

He wrote on his blog:

"The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent via text message. I found it remarkable that eBay, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is now essentially trying to downgrade my login experience to a less-secure option."

Here's a take from UK tech publication The Register, which says the alternative is risky: "But there's one big problem with eBay's plan, namely that two-factor authentication (2FA) over SMS messages has been shown to be insecure."

Do you use the security fob when logging in to your account? Would you be concerned if you could no longer use it?




Comments (10) | Permalink

Readers Comments

Security Guru Looks Askance at eBay's Latest Move   Security Guru Looks Askance at eBay's Latest Move

This user has validated their user name. by: Ric

Thu Mar 23 21:24:24 2017

This is eBay's insidious way of getting your cell phone number which they will then use to not just telemarket you, but also to compile a huge list of active numbers which they could monetize by selling it to other companies.

Security Guru Looks Askance at eBay's Latest Move   Security Guru Looks Askance at eBay's Latest Move

This user has validated their user name. by: Ming the Merciless

Thu Mar 23 22:54:21 2017

As usual -- no actually as always -- Ric is correct.

Wenig and Lawton would monetize their own mothers if anyone would buy them.

Security Guru Looks Askance at eBay's Latest Move   Security Guru Looks Askance at eBay's Latest Move

This user has validated their user name. by: The End

Fri Mar 24 00:01:33 2017

Poor Ebay. Wasting away. What could have been an unparalleled economic engine for all Americans, making life excellent for all Americans, is being held hostage by 2 morons that failed to learn from their own past. They will repeat it.  

Security Guru Looks Askance at eBay's Latest Move   Security Guru Looks Askance at eBay's Latest Move

This user has validated their user name. by: IDKwhoIare

Fri Mar 24 09:07:43 2017

Have to agree with Ric.  No, I won't give eBay (or anyone other than friends & family) my cell number.

Security Guru Looks Askance at eBay's Latest Move   Security Guru Looks Askance at eBay's Latest Move

This user has validated their user name. by: Rexford

Fri Mar 24 17:22:48 2017

Ric says "to compile a huge list of active numbers which they could monetize by selling it to other companies."

I think Ric is right.  They seem to have forgotten quite some time ago that they are an ecommerce company. Stay out of selling data eBay.

They constantly try to get my mobile phone number.  NEVER!

Security Guru Looks Askance at eBay's Latest Move   Security Guru Looks Askance at eBay's Latest Move

by: rachel This user has validated their user name.

Mon Mar 27 00:22:54 2017

I did use two step authentication with PayPal but since they text to the cellphone, they think you don't  have to change password so am using a different system.

Security Guru Looks Askance at eBay's Latest Move   Security Guru Looks Askance at eBay's Latest Move

by: bcsj This user has validated their user name.

Mon Mar 27 00:23:31 2017

Using SMS to receive 2FA (two-factor authentication) messages is standard practice in the banking industry, among others.  I used it today with Bank of America.  It is not as secure as using a fob, but it is *very* safe and your chances of being exploited are nearly nil.

I've been using SMS with PayPal for years.  Guess what?  They've never once called me on my cell.  In other words, relax, everybody.

Security Guru Looks Askance at eBay's Latest Move   Security Guru Looks Askance at eBay's Latest Move

by: handmedownheaven This user has validated their user name.
Web Site

Mon Mar 27 01:14:25 2017

Going down like the Titanic except with no life boats

Security Guru Looks Askance at eBay's Latest Move   Security Guru Looks Askance at eBay's Latest Move

by: Moonwishes This user has validated their user name.
Web Site

Mon Mar 27 01:39:28 2017

Don't even know what the key fob is, but I do know this. I am constantly being asking for my cell phone number so they can send me messages blah blah blah. What they never ask is this. "Do you have a cell phone and would you like to share its number so that we can blah blah". I don't own a cell phone. We don't use them. We have a landline so we can't get text messages. I spoke to a Verizon guy about this once when I had to call about a different matter and was wondering if we were the last family in the USA without a cell phone. He said I would be surprised at how many millions of homes still only have landlines/no cell phones. So why do so many of these places just assume that we have a cell phone and we want to share our number with them so they can text us at our cost assuming your phone plan charges you for text messages. I know they used to. I got really ticked when trying to sign into Social Security one day (I'm on SSD) to find that I needed a cell phone to get into the site! The group of people that are probably one of the largest populations of people without a cell phone were expected to have one. Let me tell you, my check from them is slightly above average and that doesn't allow for the cost of a cell phone!

Security Guru Looks Askance at eBay's Latest Move   Security Guru Looks Askance at eBay's Latest Move

by: 1st Armored Div. 1971-1973 This user has validated their user name.

Wed Mar 29 20:50:58 2017

Gave up the FOB many years ago and switched to my cellphone. I feel very safe at night knowing that it requires both my password, ID and a six-digit code or something similar to get into my Paypal account or bank account or Amazon account, facebook account, google account, etc... I wish ebay would make the switch too. I have been waiting on them to catch up with the rest of the world.



Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.