A few days ago I received an email from eBay.

password1Apparently someone had clicked the “forgot my password” link, which triggered an email. Since I knew that I had not clicked on that link, I was somewhat concerned. What was noteworthy, however, was the ip address from which the request originated.

password2That’s right, this was being done by someone in China.  Suddenly my antennae were up and quivering.

Most websites’ “forgot my password” links work by sending an e-mail to your account’s “registered e-mail address”. If the hacker can break into your e-mail address and access that e-mail message, all is lost. They can change your e-mail password (locking you out of your account) change the website’s password, log into the site (in this case eBay) and hijack your account. Mat Honan found this out the hard way last year. Takeaway quote: “Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened”

Fortunately, my e-mail login is protected by two-factor authentication, so I have little to worry about on that front. eBay, however, is another matter. What if they are able to successfully guess the password? The solution was easy enough; I simply logged onto eBay, and turned on two-factor authentication there.

So, my little yellow friend, you are out of luck. Please go away and bother somebody else. Thanks!

Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: