A few days ago I received an email from eBay.
Apparently someone had clicked the “forgot my password” link, which triggered an email. Since I knew that I had not clicked on that link, I was somewhat concerned. What was noteworthy, however, was the ip address from which the request originated.
Most websites’ “forgot my password” links work by sending an e-mail to your account’s “registered e-mail address”. If the hacker can break into your e-mail address and access that e-mail message, all is lost. They can change your e-mail password (locking you out of your account) change the website’s password, log into the site (in this case eBay) and hijack your account. Mat Honan found this out the hard way last year. Takeaway quote: “Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened”
Fortunately, my e-mail login is protected by two-factor authentication, so I have little to worry about on that front. eBay, however, is another matter. What if they are able to successfully guess the password? The solution was easy enough; I simply logged onto eBay, and turned on two-factor authentication there.
So, my little yellow friend, you are out of luck. Please go away and bother somebody else. Thanks!