PassLab
Shopping

Password for
eBay

eBay requires a minimum of 6 characters including at least one number or symbol, accepting uppercase, lowercase, numbers and symbols, but that minimum is far too weak for an account tied to buyer and seller funds, saved payment methods and your transaction history. A six-character password falls in moments if a hashed database leaks, opening the door to fraudulent purchases or a hijacked selling account. The practical recommendation in 2026 is a 14-character random string mixing all four character types, which delivers roughly 92 bits of entropy — enough to demand centuries of GPU effort and remain computationally infeasible to crack offline. Generate one below — it is created inside your browser using the Web Crypto API and never sent to a server. Once set, enable two-factor authentication so a stolen password by itself can never unlock your account.

Generator
min 6
StrengthVery weak · 0 bits
Time to crack
instant
at 10 billion
guesses / second
14
664
Generated with crypto.getRandomValues() — never leaves your tab.

eBay password rules

Min length
6 chars
Security note

A strong, unique password combined with two-factor authentication is your best protection against account takeovers.

The maths, specific to eBay

A 6-character password over a 94-character alphabet yields only about 39 bits of entropy, which a contemporary GPU cluster strips from a leaked hash in well under a second, and reused-password dictionaries shorten the odds even further. A 14-character random string lifts that to roughly 92 bits. NIST SP 800-63B measures memorised-secret strength by length and randomness rather than rigid composition rules, and its commonly referenced 80-bit threshold for surviving offline attack is a bar that 39 bits fails while 92 bits clears with room to spare — moving an eBay password from instantly recoverable to effectively uncrackable.

Why eBay accounts are targeted

eBay accounts are prized because they sit on top of real money: stored payment methods, linked balances, buyer purchasing power and, for sellers, payout details and reputation. eBay has also been the subject of one of the largest breaches on record — the 2014 incident exposed data for roughly 145 million users — which is exactly the kind of leak that fuels later attacks. The core mechanism today is credential stuffing: attackers replay email-and-password pairs harvested from other breaches against eBay's login, relying on password reuse. A successful takeover enables fraudulent orders, scam listings under a trusted name, and drained funds. A long, unique, randomly generated password never appears in those leaked lists, which is what stops the attack.

Source for eBay's password rules: eBay's official help page.

Common questions about eBay passwords

Reviewed by Marcin Lewandowski — product designer, 20+ years building digital products and privacy-respecting tools.

Last reviewed: . Reviewed quarterly; primary sources re-checked each review.