
eBay Japan Passwords Revealed As Username+123456

Posted by timothy
from the oopsie-daisy dept.
mask.of.sanity (1228908) writes "eBay Japan created passwords for accounts based on a combination of a username plus a static salt, allowing anyone with knowledge of it to access any account, a researcher reported. The salt used, which should have been random, was the combination '123456', which was reported as last year's worst password." Complete with visual aids.

  • by Todd Knarr (15451) on Thursday March 27, 2014 @03:53PM (#46595579) Homepage

    If the password was set by the system, either during a password reset or initial account creation, the first thing I do is change the password to a random one my password manager program's generated. Why were these accounts still using the system-created password? Also, the article seems to conflate two uses of the term "salt": the random nonce used to ensure the stored hash value isn't the same for two different accounts that picked the same password, and the random string used in the plaintext of the initial password to avoid a trivially-guessable "password same as username"-type case. The two aren't at all the same.
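
An added example, not part of the comment above or of the linked article: a Python audit sketch that separates the two kinds of "salt" the comment distinguishes. The per-account hash salt makes every stored hash different, yet accounts still on a username + static-string password are found with one hash computation each. The record layout, PBKDF2 parameters and sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

STATIC_SUFFIX = "123456"  # the fixed string reported in the summary
PBKDF2_ROUNDS = 10_000    # assumption: kept low so the demo runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    """Storage-side salt: a per-account random nonce mixed into the hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_record(username: str, password: str) -> dict:
    """Hypothetical credential record: username, random hash salt, hash."""
    salt = os.urandom(16)
    return {"user": username, "salt": salt, "hash": hash_password(password, salt)}


def random_initial_password() -> str:
    """What a system-assigned password should be: unpredictable per account."""
    return secrets.token_urlsafe(16)


def still_on_default(record: dict) -> bool:
    """Audit check: does the stored hash match username + static suffix?"""
    candidate = hash_password(record["user"] + STATIC_SUFFIX, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def audit(records: list) -> list:
    """Return the usernames that should be forced through a password reset."""
    return [r["user"] for r in records if still_on_default(r)]


# Constructed sample accounts (not real data).
SAMPLE = [
    make_record("alice", "alice" + STATIC_SUFFIX),    # never changed the default
    make_record("bob", "bob" + STATIC_SUFFIX),        # never changed the default
    make_record("carol", random_initial_password()),  # random system password
]

if __name__ == "__main__":
    # alice and bob have unrelated hashes (different hash salts), yet both
    # are flagged, because the plaintext itself is predictable.
    print(audit(SAMPLE))
```
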

  • Re:Obligatory (Score:2, Insightful)

    by Anonymous Coward on Thursday March 27, 2014 @04:34PM (#46595999)

    Introducing easter eggs is enough to get fired, if your employer takes quality seriously.

    Introducing an idea to add proper entropy calculation of all passwords can help you get a raise. Of course, if you implement it by "if char.isUpper(): entropy += 5" then you should also be fired...

  • by fullback (968784) on Thursday March 27, 2014 @04:51PM (#46596197)

    I've lived in Japan for over 20 years and I, like probably most people in Japan, didn't know it even existed.
