eBay’s hack is all over the news today, so I decide to be proactive and change my password. Here’s how it went.
Me: Go to eBay, expect to see standard “there was a problem, change your password” prompt.
Me: No prompt. Maybe I have to log in.
Me: Logged in. Find account settings. Then CTRL-F for “password”. Nothing.
Me: Find “Personal Information” link. Click to find password change link buried in other settings. Click through.
eBay: Hey, you should probably change your password. You know, now that you’re four levels deep in our site and already found the well-hidden password change page.
Me: Okay, time to change password.
eBay: LOL gonna make you enter your old password again, then click on a button to send yourself an email with a link that’ll let me change your password. Instead of just letting you change your password.
Me: Annoying, but fine. I’ll click the link.
eBay: HAHA enter your old password again.
Me: [old password, then new password, twice, because no one’s figured out that maybe displaying a password on screen is okay sometimes]
eBay: Thanks! Here’s another login screen. Enter your new password.
Me: Christ, don’t most sites just have some secure cookie or something so that when I change my password, I don’t have to keep entering shit?
eBay: Please change your password!
Me: What? I just did that.
eBay: Please change your password! But enter your new “old” password first. You know, the one you changed it to two minutes ago. Oh, and your new new password can’t be the one you just changed it to. Also, there will be unclear instructions about ALSO entering a security question that’s below the “submit” button. You can’t move on until you figure it out!
Me: eBay, you’re fucking stupid.