PayPal, the online payment company owned by Internet auction giant eBay, is selling a “security key” to help customers prevent their accounts from being hijacked if someone guesses or steals their passwords.
The key is a small, oval fob that generates a random, new six-digit passcode every 30 seconds, using technology purchased from Verisign Inc. In addition to entering their user name and passwords, PayPal customers who sign up for the program will be required to enter the passcode before being permitted to log on to their account. PayPal says it will waive the one-time $5 fee for its business account customers.
Armed with one of these keys, if you were to log on to your account from an unfamiliar computer and some invisible password leeching program were resident on the machine, the “bad guys” would still be required to know the numbers displayed on your token, which of course changes every 30 seconds.
For years, PayPal and eBay have consistently been among the top three targets of phishing attacks, online scams that use e-mail to lure people into entering their login credentials at look-alike Web sites. This technology certainly has the potential to make it tougher for phishers. Nevertheless, as last year’s attack against Citibank’s business customers showed, physical access tokens only work against phishing so long as the phishers don’t also ask would-be victims to enter the six-digit number displayed on their personal tokens.
PayPal says even users who lose their physical token or don’t have it in their possession when they want to login can still access their accounts, and that such users will be asked to confirm their account ownership. Users will be asked to enter their full credit card number or bank account.
I ordered one to become more familiar with it… although I wonder how many customers will pony up the five bucks for this device. What about you, does this appeal to you, and is it worth it?
Related Posts: On this day...
- Avicii - Super Mario World Levels - 2012
- Intel's Chase Film - 2011
- HOWTO: Avoid online tracking (Hint: you can't) - 2011
- The tale of /b/ and LUKEYWES1234 - 2010
- Netflix Is Losing New Release Rentals - 2010
- Twitter Cracker Says Admin Password Was "Happiness" - 2009
- Twitter IRC server: tircd - 2009
- Become a virtual Texas Deputy - 2009
- iTunes: All songs DRM-free (but keeping DRM for audiobooks & video) - 2009
- 4chan strikes again with push to make symbol top Google search - 2009