Keeping Your Online Experience Safe

by: houseofsurplus (feedback score: 188)
Guide viewed: 295 times
Tags: security | hijack | hacked | scam | fraud


There are several things that eBayers can and should do to make their eBay accounts (and all of their online buying experiences in general) safer, easier and more pleasurable. While you have probably heard most of this advice before, it is still amazing to learn how many people fail to heed it. Hopefully this guide will help some of you bring order and safety to your online lives and help put an end to this recent rash of account hijacks and other scammy activity.

Password Safety:
  • Choose a Secure Password - These days, cracking a password can be easily done through brute force techniques. Brute force cracking basically involves attempting to guess a password using an automated process that starts with the first possible combination, ends with the last possible combination and tries every combination in between, the idea being that sooner or later the program will guess the correct combination and breach the account. Faster internet connections, better CPUs and cheaper computers make it possible for crackers to attack increasingly complex passwords over a much shorter amount of time. The key to a safe password is that it not contain words, phrases or syllables found in a dictionary, that it contain a mix of letters, numbers and special characters, preferably in mixed case, and that it be as long as possible. Last month, my eBay password was: "$15@$M7@#ps#w1jil_". This is about as secure as it gets for passwords. Notice that the string is alphanumeric, contains no words, phrases or syllables found in a dictionary and makes use of multiple special symbols.
  • Use Different Passwords for E-Mail, eBay and PayPal - Using different passwords for these three services is absolutely crucial. A crook who compromises your e-mail password can proceed to gain control of your eBay and PayPal accounts simply by reporting that he "lost" the password to those accounts. New passwords are then dispatched to the e-mail account which he has commandeered. But a crook who compromises any one of these passwords will automatically try that password on the other two services and - more often than not - now have control of all three.
  • Outsmart the "Secret Q&A" Scam - Many sites have a backup routine to retrieve your password when you lose it. When you open the account, you select a secret question and then provide the answer to that question, the idea being that when/if you forget your password, they'll e-mail your password to the e-mail address on file. Questions often include "What high school did you graduate from?", "What was the name of your first pet?", "What is your mother's maiden name?" and "What city were you born in?". The answers to all of these questions can easily be found by highly pinpointed searches online. School information is often found at classmates.com and myspace.com, and maiden names and birth records are public records open to anyone for a fee. I am honestly surprised that this joke of a security method has still lived on, but do not let it fool you: this adds no security to your online existence and in fact provides a weak area ripe for attack. The best way to shore up this potential breach in the levee is to pick any secret question, and then instead of answering the secret question, put another secure password down (see tips above for making truly secure passwords) as the answer. It will be impossible to guess even by people who know you (or know how to dig up info about you) and that's the whole idea.
  • Change Your Password Regularly - Passwords should be changed regularly. I rotate my passwords every thirty days for all accounts, but quarterly is sufficient for most users. This is to be used in conjunction with the other techniques described above, not as a replacement for them.
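
The brute-force arithmetic and the password rules above, as an added Python example that is not part of the original guide: it generates a random password of the kind recommended (also usable as a secret-question answer) and counts the combinations a brute-force run would have to try. The function names, the word list and the guess rate passed in are assumptions chosen for illustration.

```python
import secrets
import string

# The character classes the guide asks for: mixed-case letters, digits, specials.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def generate_password(length=18):
    """Random password from the OS CSPRNG that uses every class at least once."""
    if length < len(CLASSES):
        raise ValueError("too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:  # resample until all four classes are present
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def alphabet_size(password):
    """Symbols a brute-force run must cycle through: sum of the classes in use."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def keyspace(password):
    """Combinations from first to last for this length and alphabet."""
    return alphabet_size(password) ** len(password)

def years_to_exhaust(password, guesses_per_second):
    """Worst-case time to try every combination at an assumed guess rate."""
    return keyspace(password) / guesses_per_second / (365 * 24 * 3600)

def dictionary_hits(password, wordlist, min_len=4):
    """Words from wordlist that appear inside the password, ignoring case."""
    lowered = password.lower()
    return [w for w in wordlist if len(w) >= min_len and w.lower() in lowered]
```

The keyspace figure is an upper bound on a pure brute-force search; a password with dictionary hits falls much sooner to a wordlist-based guesser, which is why the two checks are separate.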
E-Mail Safety:
  • Verify Strange E-Mails - Most phishing e-mails take the form of phony account suspension notices or requests to update your information. Verify the authenticity of any e-mails that ask you to take actions like updating info or threaten suspension or restriction of your account by looking in My Messages to see if they are there as well. If they are not there, they are not from eBay and probably should be ignored. You can report them to eBay by sending them to spoof@ebay.com, but you are likely wasting your time in doing so. There is little eBay can do with the e-mails other than tell you not to act on them, which you should have already figured out for yourself.
  • Never Click a Link in an E-Mail - If an e-mail directs you to go into your eBay account and do something, for instance, respond to an Unpaid Item Notification (UPIN), do not click the link in the message. Instead, use a bookmark (or open your browser and type in www.ebay.com) to access the main eBay page, log in and then perform the requested action by navigating to that place without using links in e-mail. This will ensure that you are on the real eBay site and not a phishing site.
  • Don't Rely on 'Idiot Programs' for Protection - All of the major web browsers offer built in "phishing protection" that will supposedly alert you if you land on a bad site. These programs are all poor attempts at increasing safety online because they rely on the computer to do the thinking for the user, when the user should be thinking for himself with the aid of the computer. These programs will not detect every bad site and some of the sites they say are bad will be perfectly legitimate. Educate yourself and rely on your own intellect to protect you, rather than installing programs that you don't understand and then trusting your safety to them.
  • Never Open Most Attachments - There is never a reason for anyone on eBay to send you an e-mail attachment other than a plain text file (.txt), image file or portable document file (.pdf). Even these should not need to be sent in most cases. Unless there is a very good reason for it, avoid opening attachments. Attachments can and often do contain viruses or crapware. Don't be afraid to reply back to someone telling them to figure out a way to send whatever they are sending in something that is not an attachment.
  • Read E-Mail in Plain Text - Electronic mail was never meant to contain HTML, embedded graphics or scripting and things that blink and wink at you when you mouse over them. While these Microsoft-added abilities make e-mail more 'fun' and more 'personal', they also make it infinitely more dangerous. Malicious code can be hidden in an HTML message that can be set to download programs to your computer, change settings on your browser or computer or redirect you to a fake site without your awareness. Reading e-mail in plain text strips away most of these hazards.
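
What the link and plain-text advice above looks like in practice, as an added Python example that is not part of the original guide: it reads only the plain-text part of a message and flags HTML links whose visible text names one host while the link points to another. The sample message is constructed, and the function names are assumptions for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real e-mail); the link host uses the reserved .invalid TLD.
SAMPLE = """\
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please sign in to confirm your details.
--b1
Content-Type: text/html; charset="utf-8"

<p>Sign in at <a href="http://signin.example.invalid/ebay">www.ebay.com</a></p>
--b1--
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start collecting the visible text of this link
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)  # only read back when an <a> closes
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):  # hostname if text is a URL or a bare domain, else None
    try:
        host = urlparse(text if "://" in text else "//" + text).hostname
    except ValueError:
        return None
    return host if host and "." in host and " " not in host else None

def body(raw, kind):  # kind is "plain" or "html"; that part's text, or None
    part = message_from_string(raw, policy=default).get_body(preferencelist=(kind,))
    return part.get_content() if part else None

def mismatched_links(raw):  # (shown host, real host) where the two differ
    collector = LinkCollector()
    collector.feed(body(raw, "html") or "")
    pairs = [(host_of(text), host_of(href)) for href, text in collector.links]
    return [(s, r) for s, r in pairs if s and r and s != r]
```

Links whose visible text is not a host name ("click here") are not flagged by this check, so it supplements rather than replaces typing the address yourself.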
Terminal Safety:
  • Anti-Virus Programs - Ensure that at least one reputable anti-virus program is installed, working and updated with the latest available definitions.
  • Anti-Crapware Programs - Using a program like HiJackThis or Ad-Aware will help keep your system free of malicious software that doesn't fall into the virus category. No one program will catch everything, and your best bet is to run at least three different programs that are currently getting good reviews in the computing press. Good programs are often recommended in computer magazines like PC Magazine, Computer Shopper or Laptop Magazine. What one program misses, another one will likely get.
  • Firewall - Every computer connected to the internet needs a firewall of some sort. If you have a router (as many cable and DSL customers do), chances are it includes a firewall and a fairly good one at that. Familiarize yourself with its settings and how it works. Use it, and unless you know what you are doing, make sure your computer is not plugged into the DMZ port, where it will basically be completely unprotected. Otherwise, you need a program like Black Ice Defender or Zone Alarm.
  • Consider Getting Rid of Internet Explorer - Microsoft's Internet Explorer has always been a source of many, many security vulnerabilities. Malicious code in websites can often utilize the numerous shortcomings in Microsoft security to compromise your system in all sorts of ways, much in the same way HTML mail can. Using a browser like Firefox is much more secure and will ensure that most of today's browser exploits simply won't affect you.
Personal Safety:
  • Meeting Fellow eBayers - If one eBayer desires to meet another eBayer in person, you have a decision to make. You can either go through with it, impose some restrictions or shy away from it. Myself, I have met plenty of customers in all sorts of locations including private homes and warehouses and even in the middle of the night. It doesn't bother me, I have never been hurt or even been uncomfortable meeting any of these people (though one of them did have a body odor problem that was something to be reckoned with)! The fact of the matter is, you have a much better chance of being killed in a car accident on your way to meet the other party than you do of actually being hurt by the other party. I have heard that other users approach this situation with everything from confining meetings only to daylight hours, only to public places, only at the post office, only in front of the police station or in some cases ruling it out completely. In the end, there is no right or wrong approach on this. Do what feels right. If it makes you uncomfortable, don't do it.
  • Privacy - eBay requires you to put on file a valid, working phone number that is your own. This number is available to anyone you have done business with simply for the asking (together with your actual address). eBay does not require you to answer the number you put on file, or that it be your home number. Consider getting a voice mail account and give them that number. Sellers should especially consider this; take it from a fellow seller, buyers think nothing of ringing you at 3 AM with their various complaints. Unless your intent is to provide 24/7 phone support, you should consider doing something to control how accessible you are by phone. Providing eBay with your home phone number allows others to run a reverse trace using this number and in most cases determine where you live, which might be undesirable for several reasons. PO Boxes usually cost about $30 a year, and using one as your registered address (as well as your "send payments to" address, if you are a seller) will go a long way towards enhancing your safety. Most sellers ship USPS and thus can ship to a PO Box. Some sellers may refuse to ship to one (which is their right) and you'll have to choose between divulging your home address, having them ship to an alternate address (like work) or just not doing business with them, period.
  • Take Threats Seriously - When another party threatens to do you harm, take them seriously even if you think they are kidding. There are plenty of mentally defective people running around loose out there and some of them have eBay accounts. I had one buyer threaten to send a (supposedly) defective product back "with a extra little something to go boom". As soon as I read the message, my first call was to 911, the second call to the postal inspectors and the third call to ATF. Anyone who ignores threats today is simply a fool. I also reported it to eBay (of course) and they proceeded to do absolutely nothing. The buyer is still an active, registered user.
Firefox Users: This section contains recommended plugins for those who use the Firefox web browser.
  • Secure Password Generator - Allows you to hit a button and have a truly random password generated based on parameters you set. Very useful for generating passwords that are secure (see above).
  • In Form Enter - Allows you to remember all of those super secure passwords and keep them at hand. You can also fill them in with a single click. This method of "remembering" passwords is only acceptable if all of the people who can physically access your computer are authorized users.
  • Copy Plain Text - Allows you to highlight text and copy it to other documents or messages without the hidden HTML formatting behind it. Saves time and makes it easier for plain-text e-mailers to get stuff done.

Guide ID: 10000000004069777
Guide created: 07/28/07 (updated 03/05/08)

 