Security & Fraud

Is eBay’s Two-Factor Authentication Change Less Secure?

ebay two factor authentication

Cybersecurity news and investigation blog KrebsonSecurity reported that it received an email from eBay that noted some recent changes to the company’s login experience.

According to the report, eBay is asking its users to no longer use a hardware key fob that displays a one-time security code for logging in and instead rely on a code that will be sent via text message.

The message from eBay, which was displayed within a blog post by KrebsonSecurity, states that the company is aiming to make its two-step authentication process more convenient for its users with the change.

However, KrebsonSecurity called out the switch as being “a less-secure option.”

“I found it remarkable that eBay, which at one time was well ahead of most eCommerce companies in providing more robust online authentication options, is now essentially trying to downgrade my login experience,” the post continued.

EBay’s responded that the change is more about bringing its in-house authentication in-house versus using the security tokens which are made by Verisign. The company told KrebsonSecurity it plans to offer more multi-factor authentication options in the future, but for now it looks as though it will be forcing users to rely on SMS-based authentication, which is viewed by security experts as less secure than other forms of two-factor authentication (2FA).

“As a company, eBay is committed to providing a safe and secure marketplace for our millions of customers around the world,” eBay spokesman Ryan Moore said. “Our product team is constantly working on establishing new short-term and long-term, eBay-owned factors to address our customer’s security needs. To that end, we’ve launched SMS-based 2FA as a convenient 2FA option for eBay customers who already had hardware tokens issued through PayPal. eBay continues to work on advancing multi-factor authentication options for our users, with the end goal of making every solution more secure and more convenient. We look forward to sharing more as additional solutions are ready to launch.”


Latest Insights: 

With an estimated 64 million connected cars on the road by year’s end, QSRs are scrambling to win consumer drive-time dollars via in-dash ordering capabilities, while automakers like Tesla are developing new retail-centric charging stations. The PYMNTS Commerce Connected Playbook explores how the connected car is putting $230 billion worth of connected car spend into overdrive.

Click to comment


To Top