8 Lessons You Can Learn from the eBay Attack (That Stole Your Password)


Passwords are something we should hold near and dear, yet it feels like every week there's a new hack of a popular service that puts us at risk. eBay is just the latest service to leak your information; here's what you need to know.

eBay has announced that it recently discovered that the database housing usernames, passwords, email addresses, physical addresses, phone numbers and dates of birth had been compromised by hackers.

The wealth of information that was compromised is disturbing. The passwords were encrypted, so it's unlikely hackers have access to your actual password. Everything else, however, was stored in plaintext -- so they have your name, address, and other details stored at eBay.

Read the announcement posted on eBay's blog.

Anytime a site like eBay is hacked, you should change your password at that site.

Pick a strong password. Combine upper and lowercase letters with numbers and symbols when allowed. And most importantly, use a unique password for every single account you use (more on that in a minute).

And if you used that password on other sites, be sure to change the password at those other sites as well. Just to be safe.

Click here to go directly to the My eBay site where you can change your password.

If you've read any techy news regarding hacks like the one at eBay, you might have heard the terms "Salt" and "Hash" when discussing the type of encryption used.

The terms don't reference some form of online cuisine. Instead, they describe an encryption process that makes it very difficult for hackers to turn an encrypted password into plain text. Passwords encrypted with this technology are pretty safe -- don't worry about criminals figuring out your password from the stolen data.

You can read a more technical explanation of salt and hashing passwords on Scientopia.

Using a strong password is a must for any online service. But more importantly, using a different password for each service you use is paramount to keeping your information secure.

Shortly after eBay announced its database had been compromised, some Australian iPhone users woke up to locked devices and demands for payment before the device would be unlocked.

There's no apparent correlation between the breach and the ransom demands (yet), but it should serve as a reminder that when you use the same password for multiple services, hackers could have virtually limitless access to your online life.

Read more about the iPhone ransom demands in Australia.

The easiest way to ensure you not just create, but remember, complex passwords (since you are now using unique passwords, right?) is to use a password managing app.

A popular password managing app is 1Password. A suite of 1Password apps and browser extensions creates and remembers complex passwords for you. The apps even log you in with a quick key combination.

Other password managers include LastPass, Dashlane, and Roboform. Choose the one you like best.

Read more about 1Password from AgileBits.

Using yet another app isn't for everyone. Should you decide you don't want to use a password manager (although you really, really should use one), you can use a password generator to come up with randomly created, very strong passwords for you.

Simply check some boxes marking the password criteria, and then click a button: A random string of characters will be spit out at you for you to memorize or record somewhere.

Visit Secure Password Generator to create a new password, or get some new password advice.

In addition to unique, complex passwords, you should graduate to two-factor (or two-step) authentication, sometimes abbreviated 2FA. Popular services such as Dropbox, Facebook, Twitter, Google, and Apple all use some form of the service. Your financial institutions might, as well.

Here's how it works: After entering your username and password, you're then sent a short code (usually via a text message) which is also required to gain access to your account.

The extra step makes it nearly impossible for hackers to gain access to your account, even with your current password.

Read more about why two-step authentication is no longer an option on The New York Times.

Database leaks and breaches are simply a fact of your digital life now. Hackers will continue to gain access to your personal information.

The only thing you can do to help minimize any potential damage it can cause in your life is to stop using the same password across all of your accounts. Use a password managing app, or at the very least a random password generator. And last but not least, stay on top of regularly changing your passwords.

Forbes offers some terrific advice for dealing not only with the eBay breach, but any hack.
