May 28, 2014, 2:12 PM — Last week after millions of eBay accounts were compromised, I changed my password, like a dutiful (and cautious) netizen. Changing passwords is a hassle in itself, but eBay's (and other companies') password policies make the experience downright excruciating.
For example, on the eBay password reset page, you're told the password must be at least 6 characters long. I fire up my password manager (1Password) and generate a random one 16 characters long, containing a mix of uppercase and lowercase characters, numbers, and symbols. Hit enter to paste it in, but, nope, eBay doesn't allow pasting into the form fields.
So I painstakingly type it in, twice, and, nope again. Something--who knows what? eBay won't tell me--is wrong with the password.
So I change some of the symbols and type in the new password (again, twice). And then I'm told the password is too long.
This happens way too often when trying to create or update a password. It's infuriating, especially when sites offer their strong password guidelines like "use as long a password as possible." Fine, but how about letting us use a long password, then? Or at least telling us how long it can be? And exactly which characters you don't allow (like spaces or asterisks)?
We're generally not great at picking secure passwords out of the air, but policies like these and the lack of clarity don't help either.
This is just your average rant, but it's also a plea for help from the powers in charge of password policies. There has to be a better way.
P.S. I also did not get an email from eBay about resetting my password until 5 days after the news broke. Smh.
Read more of Melanie Pinola’s Tech IT Out blog and follow the latest IT news at ITworld. Follow Melanie on Twitter at @melaniepinola. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.