Arstechnica: eBay has finally stopped burying its own advisory to change passwords following a major hack on its corporate network by adding an important password update to the top of its home page. Now, engineers should turn their attention to flaws on the site’s password reset page that may prevent users from choosing passcodes that are truly hard to crack.
Chief among the imperfections is eBay’s meter that labels chosen passwords as “weak,” “medium,” or “strong” depending on their resistance to common cracking techniques. It showed “Stlk/v/FqSx”lireFTzidyS/m” (minus the beginning and ending quotation marks) as being weak, even though the password has 25 characters that include a mix of upper- and lower-case letters and symbols, plus it isn’t included any obvious dictionary or word list. (Thanks to@digininja for the example.)