National Institute for Standards and Technology

March 22, 2017

eBay Asks Users to Downgrade Security

This post was originally published on this siteLast week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent via text message. I found it remarkable that eBay, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is now essentially trying to downgrade my login experience to a less-secure option. In early 2007, PayPal (then part of the same company as eBay) began offering its hardware token for a one-time $5 fee, and […]