
Ebay: Copy/Paste passwords disabled because "not secure" - radicalbyte
https://twitter.com/AskeBay/status/469591817508237312
======
ozh
While this sounds stupid if you're using a password manager with very
complicated passwords, 99.99% of eBay users are probably random moms with very
simple passwords. Making sure they don't copy/paste something wrong must
really cut the number of support requests.

~~~
kyboren
I think most of us understand the motivation.

The problem isn't really that they're inconveniencing "expert" users with a
'one size fits all' approach.

The problem is that they recognize a possible security concern and then,
rather than pushing for the root cause of that concern to be fixed, they
simply try to work around this particular concern. Their workaround inevitably
creates new security risks, or makes _more effective_ solutions harder.

It's just like with passwords. Organization A sees a risk in passwords being
brute-forced. So, they require users have [a-zA-Z0-9] passwords. But their
standard MD5 password hashing is still too fast. So they require users to
change their password every 30 days. Problem solved! Except that now, users
are very unlikely to consistently remember their password, meaning lots of
password post-its on desks, and lots of support calls. Now they're completely
vulnerable to simple physical attacks (deliver flowers to the office -> get
some passwords) and social engineering attacks (frequent forgotten password
calls -> easier to convince support you're a legitimate user who forgot their
password). Insanity.
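
[Added example, not part of kyboren's comment or of the original thread.] The root-cause fix the comment alludes to, replacing fast unsalted MD5 with a salted, deliberately slow KDF, sketched in Python with the standard library. The iteration count, the stored-string layout and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def md5_hash(password: str) -> str:
    """The 'before': unsalted, single-round MD5 as described in the comment."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """The 'after': per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Constructed storage layout: scheme$iterations$salt$derived_key
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    scheme, iterations, salt_hex, dk_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def seconds_per_guess(fn, rounds: int) -> float:
    """Average wall-clock cost of one hash, i.e. of one offline guess."""
    start = time.perf_counter()
    for i in range(rounds):
        fn(f"guess{i}")
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    fast = seconds_per_guess(md5_hash, 100_000)
    slow = seconds_per_guess(hash_password, 3)
    print(f"MD5:    {fast * 1e6:8.2f} us per guess")
    print(f"PBKDF2: {slow * 1e3:8.2f} ms per guess ({slow / fast:,.0f}x slower)")
    # Constructed sample password, not taken from the thread.
    stored = hash_password("Tr0ub4dor&3")
    print(verify_password("Tr0ub4dor&3", stored), verify_password("wrong", stored))
```

Because the iteration count is stored with each hash, the work factor can be raised later and old entries re-hashed at next login, with no forced 30-day rotation involved.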

------
Khaine
Why are so many web developers such morons?

So many websites have arbitrary restrictions on what can be a password?

eBay have handled this breach poorly, and I hope they suffer, so that in the
future they and other organisations will handle these situations better.

------
radicalbyte
I love how they even include a link to info about their hack together with
their "homeopathic" "security" measures.

It really disappoints me that eBay are this clueless, and it's making me worry
about PayPal..

