Did I get your attention? GOOD!
I'm the guy in charge of Trust & Safety messaging, and you might say my job is an uphill battle. Safety messages are, to be blunt, boring. (This is also one of the reasons why we're making our Security Center friendlier and more inviting.)
Most serious content on the vitally important subject of password security (including eBay's Help page, I'll admit) reads like mom's admonishment to "eat your vegetables" or "clean up your room." We roll our eyes and inwardly groan, "Not another litany about passwords...I know, mom! I KNOW!!"
We often feel like the messages are for someone else. We might even feel a bit patronized by them. "Of COURSE I use strong passwords, duh! My passwords are NOT my birthday, my pet's name, my favorite sports team, or the word 'password123,' so what could possibly go wrong?" we say.
We can thank the University of Wyoming for taking the subject of password security out of the realm of broccoli and room cleaning. Evidently someone there knows how to grab the attention of the notoriously capricious student mind. Heck, introduce underwear into the conversation - that time-honored, giggle-inducing topic we learn to love in kindergarten - and you make even the most apathetic of users sit up and read. We all are kids at heart, after all.
The picture is from U-Dub's brilliant page on Using Strong Passwords. Once you're done chuckling over the underwear analogies, you'll find that the information is pretty darn serious.
How fast can someone guess your password?
We all know that the bad guys behind phishing and identity theft scams are out to steal our passwords, but it's wrong to picture them hunched over their computers, manually trying out different combinations to arrive at our passwords.
These crooks write software programs that can "guess" passwords far more easily and quickly than you might think. Even desktop personal computers have now become powerful enough that they can process 100,000 encryption operations per second. And here's a sobering statistic: according to the University of Wyoming, if your password has 5 characters and uses only lower-case letters, it can be cracked in under 2 minutes. If it's 6 characters, it takes a bit longer, but it can still be cracked in under an hour!
The good news is that the longer and more complex your password is, the harder it gets for these rogue software programs to even come close to cracking it.
For instance, if you have an 8-character password that uses a combination of upper and lower case, it will take 17 years of computer processing to crack that password. If you add just one more character to your password, you're significantly upping the ante - the University of Wyoming says that it will take over 800 years to crack a 9-character password made up of upper and lower case letters. And if you throw numerals into the mix as well, the rogue programs will have to grind away even longer.
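The figures above follow from a simple model: trying every string of a given length at 100,000 guesses per second. The Python sketch below is an added example, not eBay's or the University of Wyoming's code; its function names, the ASCII character classes and the sample passwords are assumptions made for illustration.

```python
import string

GUESSES_PER_SECOND = 100_000  # desktop rate quoted in the article
YEAR = 365 * 24 * 3600

# ASCII character classes; anything outside them is ignored (assumption).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Combined size of every character class the password draws from."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def worst_case_seconds(length, alphabet, rate=GUESSES_PER_SECOND):
    """Seconds needed to try every string of exactly `length` characters."""
    return alphabet ** length / rate

def estimate(password, rate=GUESSES_PER_SECOND):
    """Worst-case exhaustive-search time for one specific password."""
    return worst_case_seconds(len(password), alphabet_size(password), rate)

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.0f} seconds"

if __name__ == "__main__":
    # The four cases from the article, then the same lengths with digits added.
    cases = [(5, 26), (6, 26), (8, 52), (9, 52), (8, 62), (9, 62)]
    for length, alphabet in cases:
        t = worst_case_seconds(length, alphabet)
        print(f"{length} chars, {alphabet}-symbol alphabet: {humanize(t)}")
    # Constructed sample passwords, not taken from the article.
    for pw in ("tiger", "TigerLily", "T1gerLily"):
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, {humanize(estimate(pw))}")
```

These are upper bounds for blind exhaustive search only; a password built from a dictionary word or a common pattern falls far sooner than its length suggests.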
Is your password strong?
eBay has technology that detects whether your password is "strong" or not. If you have a password that our technology identifies as prone to being cracked by known patterns used by password-guessing tools, we present an additional layer of authentication to prevent your password from being broken. Remember how sometimes you see a combination of squiggly letters and numbers when you're signing in to your account? A password-guessing program can't recognize those characters, but a person - i.e. you - can. Despite this additional layer of protection, I'd still say that everyone should change their passwords often, at least every 30 to 60 days.
So here are some tips I urge you to use:
Otherwise, you may end up getting a password wedgie.