Enabling 2-factor authentication is the most important step you can take towards securing your important accounts.
That simply means that in addition to entering a password or PIN, you must take a second step to access the account. That could be entering a code, answering a question, or tapping on an app notification.
Today, I’ll show you how to set it up for your eBay account. Start by heading to eBay and signing in.
On a browser, click the drop-down arrow by your name and select Account Settings.
Choose Sign in and security.
Under Sign in and security you can add a Secret question and 2 step verification.
Click the Edit button to get started.
You get three secret questions.
Choose from a long list.
Add the answers and then click OK to finish. You’ll receive an email confirming the changes.
Next, let’s look at how to add 2-factor authentication. Click the edit button next to 2 step verification.
Choose between receiving a notification through the eBay app on your smartphone or a text message.
Verify your phone number.
eBay will text you a security code.
Enter it into the website.
If they are unable to text you, they’ll verify by email. To set up, click on Send code.
eBay will send an email with the code.
Just enter the code and click Verify.
With three security questions and two-factor authentication in place, it will be much harder for anyone but you to access your account.
Too many “security questions” can be answered based on users’ other profiles (I don’t have any) or “people finder” or genealogy sites (mother’s maiden name). Recall, this is how Sarah Palin’s email was hacked (something involving where she went to high school). Many of the question alternatives pose questions that have no answers (place of marriage, name of oldest sibling). For those reasons, I always lie. For a few sites, I kept a list, but in most cases, I don’t know the answers to the security questions so I am just guessing myself at what answer I might have chosen. My email provider refreshes the inbox only every 5 min or so, so it can be a long wait for a code to arrive. Text messages require me to give out my phone number, which I prefer not to do, unless I purchase another phone and dedicate it to authentication codes. I’m in favor of security, but everything posed so far is either biologically invasive or a complete pain in the a**.
I so rarely need to sign into eBay, I have to look up the password I do use. I have searches set up for multiple items. The daily search results post to my eBay email list daily and I just click on them. Clicking in and out of them. This isn’t good, right? Even to pay for an item doesn’t require signing in. Trish
I often use SNIPE for bidding. I have doubts that would work if I set up 2fa and security questions.
The solution is not two factor.
There are three factors: something you know (password, answers to questions), something you are (finger print, eye biometrics, etc.), and something you have (a token, a dongle, etc.). Two factor means using 2 of the three factors. A good example of two factor solution that most of you use is charging your groceries: you have a charge card AND a pin (password).
A pseudo token might be having the company calling you on your phone (in their database) with a value for you to type in; it can only be used for that particular session. If they don’t call, your account may have been compromised and you may need to call their help desk for remediation.
The implementation used by many companies is one factor used twice. Unfortunately, it’s not much stronger than a password. The questions are usually “history” questions of an individual; if I know the history it’s easy for me since I can always brute force the PW (note – brute force always works; it may take 123,000 years, but it works; have a long password, passphrase, etc. to have a guessing period of 240+ years (twice the time than the rest of your life; not many people older than 120 use computers these days).
Use a combination of letters, numbers, and special characters; have a minimum of 1 capitalized letter, 1 lower case letter, 1 number, AND 1 special character in your password or passphrase. An example: {3aMahackerwouldhaveahardtimebreakingthispassword
If you provide other answers for the history questions, you have problems remembering the “right” answer. And if you create a file with your numerous accounts with IDs, PWs, and history answers AND you get compromised, all of your accounts are compromised. The financial accounts will have the highest value to a hacker.
Finally, this is hard to do for many people – have a different password for each account you have.