eBay Revamps Security Protocols. Should Your Business Follow Suit?

As technology advances and allows for common pain points to be corrected, many of today’s most well-known entities will adopt new solutions to ease the experience of their customers and clients. Take, for example, eBay. The famous reselling site has been taking steps to install an assortment of new features to improve its customers’ experience.

The first of these, referred to by eBay as “One Time Password,” takes the second factor of two-factor authentication and turns it into a single factor. Rather than requiring account holders to remember a password, eBay will send a confirmation code to a user via SMS, which will keep the user logged in indefinitely after using that code to log in, regardless of whether the code was entered on a mobile device or desktop solution.

Additionally, eBay is hard at work to allow account authentication through the Touch ID sensor found in newer Apple devices--also replacing the need to remember a password for those who use Apple products.

In response to questions regarding eBay’s motivations to implement such features for their users’ account security, Senior Director for Identity and Member Communication Product Management Dave Comer stated: “One Time Password and Touch ID Authentication eliminate the need to remember your password when you want access to the eBay Marketplace... We all use so many applications that require passwords and login information that it is impossible for users to remember them all. We want to eliminate the friction entirely."

While eBay’s reasoning does make sense, one has to wonder about the security of the transactions made by users with such features in place. After all, all it would take to become a victim of a financially motivated crime, or even a prank with ramifications far beyond the prankster’s expectations, would be for an employee to leave eBay open on an unlocked workstation. While remembering passwords may be difficult, that difficulty is ultimately to the user’s benefit, as a difficult-to-remember password is harder to guess, thereby being inherently more secure.

The advancements eBay has proposed come with increased functionality for those who use Android Wear devices in conjunction with eBay. Android Wear users will soon be capable of receiving notifications to their wearable that direct them to items that may pique their interests, as well as read and respond to messages via their smart device.

This, too, brings up questions in regard to account security. It has been consistently demonstrated that wearable devices are notoriously less secure than mobile ones, and even less so than desktop solutions. Therefore, unless eBay has implemented some serious security measures, these innovations may be wise to pass on until more evidence is available regarding their security--as is the case with any new developments from a large company.

So what does this mean for small and medium-sized businesses? A whole lot, actually. Many SMBs are taking advantage of two-factor authentication by implementing security systems where the user’s smartphone receives a code when logging into the network. That way, it doesn’t just require a password to get access to your data, but access to that user’s mobile device as well. Plus, new physical security solutions like pin pads and smart door locks can now be unlocked directly with a registered employee’s smartphone.

For more information and advice on how to handle network security in your own operations, be sure reach out to Techworks Consulting, Inc. at (631) 285-1527.