TUCoPS :: Privacy :: ebaypw.htm

eBay doesn't encrypt passwords!





    Richard  Fromm  found  following.   Not  as  bad as not encrypting
    credit card numbers  (they do encrypt  that), but for  some reason
    ebay doesn't bother to encrypt passwords.

    While they're certainly not the only web site doing this, this  is
    a bit more serious than a website where one's password just  holds
    personal preferences.  Listing items for sale or bidding on  items
    on ebay is allegedly entering into a legally binding contract.  So
    if  someone  sniffs  your  password  he/she  has  the  ability  to
    misrepresent  your  identity  in  such   a  way  that  you   could
    potentially be financially liable.

    Richard has  been trying  to get  ebay to  do something about this
    for a month and a half, to no avail.  See


    for details, including an ebay password sniffer.


    Ebay now has a link on their  Sign In feature page to sign in  via
    SSL.  It's not the most obvious link.  An easy way to get there:

        - when prompted for your id/password, below the box, click the
          Sign In link
        - when  prompted again  for your  id/password, below  the box,
          click the 'here' link

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2023 AOH