
eBay Japan Passwords Revealed As Username+123456

Posted by timothy
from the oopsie-daisy dept.
mask.of.sanity (1228908) writes "eBay Japan created passwords for accounts based on a combination of a username plus a static salt, allowing anyone with knowledge of it to access any account, a researcher reported. The salt used, which should have been random, was the combination '123456', which was reported as last year's worst password." Complete with visual aids.
This discussion has been archived. No new comments can be posted.

  • by Todd Knarr (15451) on Thursday March 27, 2014 @02:53PM (#46595579) Homepage

    If the password was set by the system, either during a password reset or initial account creation, the first thing I do is change the password to a random one my password manager program's generated. Why were these accounts still using the system-created password? Also, the article seems to conflate two uses of the term "salt": the random nonce used to ensure the stored hash value isn't the same for two different accounts that picked the same password, and the random string used in the plaintext of the initial password to avoid a trivially-guessable "password same as username"-type case. The two aren't at all the same.
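
The two meanings of "salt" separated in the comment above, as an added Python example that is not part of the original thread or eBay's code: a per-account storage salt, a random initial password, and a defender-side audit for accounts still on the username+123456 default. Function names, the account names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

STATIC_SUFFIX = "123456"   # the fixed string reported in the summary
ITERATIONS = 600_000       # assumed PBKDF2 work factor; tune for your hardware

def predictable_initial_password(username: str) -> str:
    """Scheme from the summary: anyone who knows the username can derive it."""
    return username + STATIC_SUFFIX

def random_initial_password(nbytes: int = 16) -> str:
    """Initial password from the OS CSPRNG, unrelated to the username."""
    return secrets.token_urlsafe(nbytes)

def hash_for_storage(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Storage salt: a per-account random nonce kept beside the hash so that
    equal passwords do not produce equal stored values. It is not a secret."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_for_storage(password, salt)
    return hmac.compare_digest(digest, expected)

def audit_initial_passwords(records: Dict[str, Tuple[bytes, bytes]]) -> List[str]:
    """Flag accounts whose stored hash still matches the system-created default,
    so they can be forced through a password change."""
    return [user for user, (salt, digest) in records.items()
            if verify(predictable_initial_password(user), salt, digest)]

if __name__ == "__main__":
    # Constructed sample accounts: one left on the default, one issued a random password.
    records = {
        "alice": hash_for_storage(predictable_initial_password("alice")),
        "bob": hash_for_storage(random_initial_password()),
    }
    # A proper storage salt does not help alice: the plaintext itself is guessable.
    print("still on default:", audit_initial_passwords(records))
```
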

  • Re:Obligatory (Score:2, Insightful)

    by Anonymous Coward on Thursday March 27, 2014 @03:34PM (#46595999)

    Introducing easter eggs is enough to get fired, if your employer takes quality seriously.

    Introducing an idea to add proper entropy calculation of all passwords can help you get a raise. Of course, if you implement it by "if char.isUpper(): entropy += 5" then you should also be fired...

  • by fullback (968784) on Thursday March 27, 2014 @03:51PM (#46596197)

    I've lived in Japan for over 20 years and I, like probably most people in Japan, didn't know it even existed.
