May 28 2014
 

Entered into an eBay contact form.

Hi, Just a short note.

I am closing my account: the form that asks why didn’t really capture the true reason why I’m closing.

It’s not quite “identity theft”, but it is security-related.

I haven’t been using my eBay account, so I thought I’d set the password to something nice and *strong*. On the password change form, I noticed a 20-character maximum limit.

This was red flag no. 1.

Then I pasted a randomised password from a generator. The site complained I had forbidden characters.

This was red flag no. 2.

By placing limits on the size of the password and its content, it is clear to me that eBay is *not* serious about making its systems truly secure, and that breaches like the one experienced recently will be a recurring event.

By hiding behind “proprietary encryption” it isn’t even serious about reassuring the public: good crypto doesn’t need secret algorithms to work well.

As there’s now very little I buy off eBay, I feel the time has come to say goodbye. If you ever do get your act together, I might consider returning, but until then, farewell.