View Single Post
  #14  
Old 22-05-2014, 02:51 PM
mithrandir's Avatar
mithrandir (Andrew)
Registered User

mithrandir is offline
 
Join Date: Jan 2009
Location: Glenhaven
Posts: 4,161
Quote:
Originally Posted by Astro_Bot View Post
I'm disappointed that there's no e-mail from eBay alerting users to this problem. They're certainly happy enough to send marketing e-mails.
Emailing people is counterproductive. Especially so if they include a link to the password change page. It takes more intelligence than the average user to tell the difference between a real email and a phish.

Better to expire passwords and make people change them at next logon with a two factor process.

And store passwords as hashes rather than encrypted which is what e-bay did. It means they can't tell you what your password is if you forget it, but is far more secure.
Reply With Quote