PayPal Security Key

calendar Posted on July 22, 2007   comments 14 Comments

PayPal security key Have you seen the PayPal Security Key yet? Steve Gibson mentioned it in a recent Security Now podcast — I don’t know how long this has been an option, but for $5 I’m definitely going to order one.

Why should I use the PayPal Security Key?
Because it gives you an extra layer of security when you log in to your PayPal or eBay account. Most websites keep your online account safe by only asking for your user name and password to verify your identity. The PayPal Security Key gives you an additional security code that only you know about. That makes your account more resistant to intrusion. Plus, the Security Key’s easy to use.

More info at the FAQ page if you’re interested.

Basically, every 30 seconds this thing generates a new 6 digit code. When logging into PayPal, that code becomes part of your password. Thus, not only is your userid and password necessary to login, but you also need to have this device in your possession. Much more secure.

Back when I worked for American Express, we used little widgets like this as part of the VPN login process. I loved it. In (up to) 10 days, I hope to love this as well.

Any readers already have one? Thoughts or impressions that you’d like to share?

tags Tags: , ,

Related Posts Possibly Related Posts

Comments

14 Responses to “PayPal Security Key”

  1. Ray on July 22nd, 2007 11:10 am

    I’d have to use Paypal more for this to be worth having. If I were using Paypal on a regular basis five bucks really isn’t a bad deal for the peace of mind you get. I’ve been lucky so far, but I’m always worried about the security of my accounts.

  2. Nathan on July 22nd, 2007 1:50 pm

    I have had one since a few days after they came out. I don’t use Paypal more than once a month, but I wanted to encourage this kind of technology. Two factor authentication protects me, Paypal, my bank, and my family’s financial stability. Even if they get my Paypal log in info, it would be pretty tough to do much with it. The biggest plus: it is easy to use.
    I read about on Bruce Schneier’s blog when they first announced it:
    http://www.schneier.com/blog/

  3. Leah Maclean on July 22nd, 2007 5:41 pm

    I would definitely recommend this Chris. I’ve been using one since they were released and even though I only use Paypal 2-3 times per month I like the peace of mind it provides. My bank uses a similar technology where they SMS an authentication number to my mobile when I do a payment transfer. I would prefer it if the bank followed Paypal’s lead and issue a separate device. I’ve been very happy with it.

  4. Chris on July 22nd, 2007 6:12 pm

    @Ray - I don’t use it more than a few times each month either. But hey, $5 is nothing for that second factor authentication!

    @Nathan - Must’ve been stealth marketed… never even knew it was an option until this week. I ordered mine last night as I wrote this article. :-)

    @Leah - I like that SMS thing too… I hadn’t heard of that before.

    Now, if more institutions using these RSA keys would allow us to share our key across them… of course, perhaps that then increases the “value” of the key. Maybe not so great?

  5. Collin on July 23rd, 2007 6:16 am

    While we don’t use PayPal, we have something very similar that our organisation uses for authentication to a secure server on dial-up for our roaming laptops.

    It’s called Secure-ID and it costs a heck of a lot more for the key-fob than the PayPal version! Works a treat though and if (when) they release the PayPal version in the UK then I will definitely be getting one!

  6. Chris on July 23rd, 2007 6:31 pm

    Hey Collin,

    I wonder (suspect?) if this PayPal key is also a Secure-ID product. Those are what I used at past jobs and my understanding was that the RSA folks pretty much had a lock on the market for this stuff. Maybe?

  7. Bryan @ One Man's Goal on July 24th, 2007 9:06 pm

    Thats a pretty awesome product.

    I’ll have to look into that one too!

  8. Crissy on July 25th, 2007 12:10 pm

    Wow… I hadn’t seen this yet, but it makes a lot of sense.

  9. Harvey on July 26th, 2007 4:09 pm

    $5 is very cheap for this extra security. My wife had her Paypal account hacked the other day and $89 went missing then came straight back as Paypal figured out what had happened.

    But for $5 and a small amount of extra inconvenience, I’m definitely getting one.

  10. Chris on July 27th, 2007 9:36 pm

    Harvey, I agree. $5 is nothing for this amount of comfort. :-)

  11. Jeremy Jefferson on August 1st, 2007 4:54 am

    Ray, doesn’t matter how much you use your paypal account. If paypal has access to your bank account, credit cards, or just your personal information you should safeguard it. I hope other sites that I give my credit card information to and stuff has this, like Godaddy.com.

  12. Daniel Goad on August 2nd, 2007 2:29 am

    I was invited to participate at no cost when the program was rolled out. I received the key fob and activated it with no problem. They have made it SO EASY to use… you can log in with you email address and password, just as you always have. It will then show a screen asking for the 6-digit fob number. However, for a quicker login, you can use your email address as always and enter your password + 6 digit code (i.e., password123456) and it will log in directly.

    My big concern was loosing access to my account if I lost the fob. It is a little too big for me to carry on my keychain (it seems everyone adds something to my keyring). And it finally happened, I needed to access my account and couldn’t find the fob. I tried to log in with just my password and the screen asking for the fob’s code came up. I realized that there is also a link to log in without the fob. This asks 2-3 security questions, which lets me access my account if I need to no matter what — but I don’t have to worry that all of my bank accounts and credit cards are linked to this account. Now I can use it to access and move my money in the way I want to.

    I am becomming a huge fan of PayPal. I use my PayPal debit card more than my checking account debit card. They pay an immediate cash back bonus every time I use it, I earn interest on funds in my account and if I use my debit card attempting to spend more than is available in my PayPal account, they pay it and draft the difference from one of my bank accounts (backup funding account). YOU CANT BEAT IT!!

  13. Matt Johnson on February 5th, 2008 11:00 am

    I just ordered my PayPal Security Key today. I only use paypal a few times a year, but I’m thinking I really need something else to loose to cause me distress. :) Maybe the paypal/ebay/skype conglomerate will eventually have an OpenID product. That would be kickass. Also I see Chris is using his key with a Verisign OpenID product which may also be interesting.

  14. Chris Kasten on February 5th, 2008 1:08 pm

    You can use it with eBay right off the bat. And I use mine with Verisign as you noted. Gives me 2 factors on my OpenID which I dig :-D

Leave a Reply




Have you read the Comments section on the Disclaimer page?

About

Wandering the Internet, looking at all things bright and shiny. Playing with many, writing about some. More …

Recent Posts

Recent Comments: