Cybersecurity news and investigation blog KrebsonSecurity reported that it received an email from eBay that noted some recent changes to the company’s login experience.
According to the report, eBay is asking its users to no longer use a hardware key fob that displays a one-time security code for logging in and instead rely on a code that will be sent via text message.
The message from eBay, which was displayed within a blog post by KrebsonSecurity, states that the company is aiming to make its two-step authentication process more convenient for its users with the change.
However, KrebsonSecurity called out the switch as being “a less-secure option.”
“I found it remarkable that eBay, which at one time was well ahead of most eCommerce companies in providing more robust online authentication options, is now essentially trying to downgrade my login experience,” the post continued.
EBay’s responded that the change is more about bringing its in-house authentication in-house versus using the security tokens which are made by Verisign. The company told KrebsonSecurity it plans to offer more multi-factor authentication options in the future, but for now it looks as though it will be forcing users to rely on SMS-based authentication, which is viewed by security experts as less secure than other forms of two-factor authentication (2FA).
“As a company, eBay is committed to providing a safe and secure marketplace for our millions of customers around the world,” eBay spokesman Ryan Moore said. “Our product team is constantly working on establishing new short-term and long-term, eBay-owned factors to address our customer’s security needs. To that end, we’ve launched SMS-based 2FA as a convenient 2FA option for eBay customers who already had hardware tokens issued through PayPal. eBay continues to work on advancing multi-factor authentication options for our users, with the end goal of making every solution more secure and more convenient. We look forward to sharing more as additional solutions are ready to launch.”