Monday, February 19, 2007

eBay Password Security

Following is an article written by Allison Hartsoe and posted at Auctionbytes (title above is link to original article); it's directed towards eBay passwords, but easily applies to any online passwords you may use.

eBay Password Security (Vendor Monday)
By Allison Hartsoe
AuctionBytes.com
January 01, 2007

In today's AuctionBytes "Vendor Monday" column, Internet Business Skills founder Allison Hartsoe exposes a vulnerability for eBay sellers: insecure passwords. Each week, AuctionBytes.com runs an article submitted by a vendor or marketplace in the online-auction industry about a topic helpful to online sellers. Story submissions are welcome by emailing the editor.

It never ceases to amaze me the number of eBay sellers who have fairly insecure passwords. Even the larger companies I deal with are prone to creating simple, highly insecure passwords. Judging by the number of sellers I personally know who have had their accounts compromised, eBay is a prime target for password attacks.

Now, like you, I hate to create a complex password I can't remember. So here's a little background on what it takes to hack an eBay password and how you can create a highly un-hackable password you can remember.

Rule #1 - Create a password longer than 4 characters
The more characters in a password, the harder it is to crack. You probably knew this already, but did you know that a password of 4 characters or less can be hacked instantly using any number of commercial programs?

Rule #2 - Use upper and lower case letters in your password plus digits
Lowercase letters are the easiest to break. Adding upper case letters increases the level of difficulty, but is still not the best solution. Adding a digit is also a good idea. See Rule #3 below.

Rule #3 - Incorporate the full set of ASCII characters in your password
What's an ASCII character? Anything on your keyboard is an ASCII character, but the characters above the numbers (!,@,#,$,%,^,&,*,(,)) are particularly useful in creating a powerful password. Here's an example. If my password is "ebay" a password-breaking program would crack this instantly. If my password is "ebay3" it would take 2 minutes to get into my account. If I added an uppercase letter and made my password "eBay3" it would now take 12 minutes to gain access. But if I added an ASCII character, "eBy!3" it will now take 4 hours to get into my account.

Rule #4 - Choose an uncommon or non-existent word
Common English words are subject to Dictionary attacks. This is where a password cracking program runs through every word in the dictionary to find your password. Even if you put two common words together to create one that is not an actual word, for example "sidebook," a dictionary attack can still find it.

Now, here's a simple way to create a secure password you can remember that complies with all the rules above. Think of a sentence that describes something you can remember. For example, "I lived at 45 Maple Street in Ohio" or "My 3rd grade teacher was Mrs. Snyder at McKnight." Then, create your password by taking the first letter or number from each word in the sentence. So, our first example would become "Il@45MSiO" and the second would be "M3gtwMS@M".

Want to know how long it would take a program to crack those passwords? 44,530 years. Yes, it would take a program that long. If you remove the @ sign and replace it with the letter "a" it drops to 178 years, but still a very powerful password.
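As an added illustration (not part of the original article), the following sketch checks a password against the four rules and applies the sentence recipe above. The word list and the guess rate are constructed assumptions, so the estimated times will not match the article's figures, which come from an unnamed program.

```python
import string

# Constructed sample word list (assumption); a real audit would load a full dictionary.
WORDS = {"side", "book", "ebay", "maple", "street", "ohio"}

# Character classes from Rules #2 and #3.
CLASSES = [("lower", string.ascii_lowercase), ("upper", string.ascii_uppercase),
           ("digit", string.digits), ("symbol", string.punctuation)]

def classes_used(password):
    return [name for name, chars in CLASSES if any(c in chars for c in password)]

def keyspace(password):
    """Candidates an exhaustive search must cover: alphabet size ** length.
    Characters outside the four classes above are not counted."""
    size = sum(len(chars) for name, chars in CLASSES if name in classes_used(password))
    return size ** len(password)

def is_dictionary_based(password, words=WORDS):
    """Rule #4: a listed word, or two listed words joined ("sidebook")."""
    p = password.lower()
    return p in words or any(p[:i] in words and p[i:] in words
                             for i in range(1, len(p)))

def mnemonic(sentence):
    """The article's recipe: first character of each word, numbers kept whole, "at" -> "@"."""
    parts = []
    for word in sentence.split():
        if word.lower() == "at":
            parts.append("@")
        elif word.isdigit():
            parts.append(word)
        else:
            parts.append(word[0])
    return "".join(parts)

def audit(password, guesses_per_second=1e9):  # rate is an assumed value
    space = keyspace(password)
    return {"long_enough": len(password) > 4,           # Rule #1
            "classes": classes_used(password),          # Rules #2 and #3
            "dictionary_based": is_dictionary_based(password),  # Rule #4
            "keyspace": space,
            "worst_case_seconds": space / guesses_per_second}

if __name__ == "__main__":
    for pw in ["ebay", "sidebook", "eBy!3",
               mnemonic("I lived at 45 Maple Street in Ohio")]:
        print(pw, audit(pw))
```

The keyspace figure is an upper bound for a blind exhaustive search; a password that fails the dictionary check falls much sooner regardless of its length.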

Now, make a resolution for the New Year to keep your eBay account secure and change that flimsy password to something powerful!
---
Allison Hartsoe is the founder of Internet Business Skills (http://www.internetbusinessskills.com). Internet Business Skills is the only company providing inventory-based analytical intelligence to eBay sellers in order to reduce fees. IBS enables eBay PowerSellers to reduce their eBay listing and marketing fees by 20-50 percent while increasing their staying power as an eBay PowerSeller. Before founding Internet Business Skills, Allison worked both as the Director of Business Development for Vericept Corporation, a security start-up, and served as the Executive Director for the Colorado chapter of the Front Range Forum for Women Entrepreneurs. In 1996 in San Francisco, Allison co-founded iSyndicate, a marketplace for digital content. iSyndicate grew to 230 employees with 6 domestic offices and 3 international before being acquired by a competitor in August 2001. While at iSyndicate, Allison led the International Team where she opened iSyndicate's first European office in London, and later struck a 50/50 joint venture with media powerhouse Bertelsmann. Allison has appeared on programs such as CNN Europe, CNBC Europe, NPR's Real Computing, and spoken at Internet Content West and Internet World 2000. Outside work, Allison is equally determined; she climbed Mt. Kilimanjaro and biked across the USA.
