Summary: Account security standards and account access recovery procedures continue to evolve in the industry. Please make sure you have a current email address tied to your account, and unless impossible for some reason, a valid phone number capable of receiving SMS/TXT messages. Failure to do so may result in loss of system access in the near future.
- Email addresses remain the primary way to reset a forgotten password, but that hasn't been able to help hundreds of users in the past that forgot their passwords after their email address on file became deactivated.
- Please use an email address on file with a reliable service. We are likely to soon ban @excite.com email addresses. Few people use @excite.com any more and their servers basically don't work.
- Please keep a current phone number on file and valid name and address. We've never sold any user contact information.
- We will likely add SMS/TXT as an additional account recovery tool in the coming months.
- We are likely going to implement some two-factor authentication in the next 6 months (where we text you a code). At very least, it's likely to be required of anyone selling on the site.
- We are likely going to start resetting (disabling) accounts that have not had activity in a period of time (1-6 months), which will require a valid email address on file to reset.
- If you get locked out of your account and don't have valid contact info on file, you might have to start over and create a new account and pick another username. Providing customer support for such cases is providing too challenging due to the efforts required to verify someone's identify when our information on them was so limited to begin with.
- If you can't change your username because it says your new email address is already in use, it's because you have more then one account. Yes, really you do. Even though you think you don't. We've seen this hundreds of times before. Contact us for help to merge your accounts before you lose access to the one you care about.
- We are going to experiment with checking password hashes during login attempts against public breach databases. If we implement this, many of you are expected to be required to increase password complexity.
- We want to make it easier to sign up for this site.
- We want to continue to maintain member account security best practices, and make it as tough as possible for bad actors to use our systems. Bad actors include scammers, spammers, and bots up to who knows what.
- We want to know who are members are, particularly those looking to sell items on the site.
- We want to reduce time spent with customer service issues, which directly takes away from site development time.
Last edited:
