After the eBay database breach, all users are being asked to change their passwords. However, many people are rightfully complaining that the password reset form prevents them from pasting into the form fields, which makes it difficult to use long, complex passwords. Although, there has also been much criticism of eBay’s password length and complexity requirements being too lax.
Ars Technica has a good article at After the breach: eBay’s flawed password reset leaves much to be desired describing the various flaws.
In changing my own password, I was determined to use a complex password that was the maximum length (20-characters) and to ensure that the password was correctly recorded, I needed to be able to paste that password into the form fields.
The instructions below are for Chrome on Windows, but this should be similarly possible in other browsers:
- You should now be able to paste into the password input fields (but be mindful of the 20-character limit).
- Submit the form.
If you happen to enter more than 20 characters, the form will be submitted successfully and your password will be successfully changed, but the password will be truncated to the first 20 characters.
For those of you who reluctantly used a less secure password due to the limitations of the form, hopefully this allows you to reset your password again and use a more satisfying password.
There is no gear icon after ctrl+shift+J – doesn’t work, no ‘general’
1) Disable ebay script with noscript without reloading page,
2) Paste pw,
3) Re-enable script without reloading page
I’ve had the same experience with Ebay today.
I tried to reset my password because I couldn’t log in to reclaim a £5 voucher they’ve emailed me.
Noscript successfully blocked them and the reset went through flawlessly.
Thanks for the fix! Hard to believe the ebay form is still broken like this.
Worked. Thank you! Super helpful.
Ebay password fields still truly awful. Will not permit pasting from password manager, limits password complexity to that which can be memorized and not cryptographically random.