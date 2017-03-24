Investigative journalist Brian Krebs has said eBay has been asking readers to downgrade their security when logging into the website.

Krebs has shown a screenshot of the online marketplace asking a customer to downgrade from a token-generating keyfob to an SMS text as means of two-factor authentication.

eBay said: “We're going to make 2 step verification more convenient by texting you a PIN instead of having you use your token.”

This could be seen as a move for convenience, helping those who might forget the fob but carry their phone everywhere they go.

However, the problem with this is that two-factor authentication has been proven to be highly insecure.

So much so that last year the United States National Institute for Standards and Technology (NIST) recommended it be abandoned.

NIST pontificated that two-factor authentication over SMS messages can be intercepted, making it possible for criminals to intercept the login code.

Krebs wrote: “I asked eBay to explain their rationale for suggesting this switch. I received a response suggesting the change was more about bringing authentication in-house (the security key is made by Verisign) and that eBay hopes to offer additional multi-factor authentication options in the future.”

This article originally appeared at scmagazineuk.com