Order Your Paypal Security Key Now

PayPal security keys are now available for purchase, offering consumers the option vastly enhanced protection against account breaches.

The ID token generates a new, security code every 30 seconds. When you login to complete a PayPal transaction, you must enter the six-digit code. Your token is unique to your account.

The security keys are now available for $5 purchase at PayPal.

Even if you’re a dumbass and get successfully phished and enter your email, password, and token id, that information will only be good for 30 seconds. The worst part of many account breaches isn’t the first attack, it’s the 100 other guys the info gets sold to. — BEN POPKEN

PayPal Security Key [Official Site]

Comments

Edit Your Comment

  1. phloighd says:

    Guys, why are you shilling for paypal, one of the most anti-consumer orgs the net has ever seen? If I buy this thing, is that going to stop paypal from forcing me to waive my legal rights to consumer protection? Seriously, guys, wtf?

  2. abelincolnjr says:

    I just got one, thanks for the tip!

  3. Starfury says:

    Phloighd:

    Admittedly PayPal does suck to some degree; but it is accepted for most Ebay transactions and many online stores will also take it. By adding the token it gives an extra layer of security to the end user. I haven’t had a problem with them (yet) and will continue using them for my Ebay purchases. I don’t know if I’ll shell out $5 for the secureID token though.

  4. phrygian says:

    Perhaps I’m just ignorant, but shouldn’t this extra protection be offered for free for any Paypal account? I could see charging a fee for postage, but I highly doubt mailing a keychain costs more than $3.

    That said, I will probably buy one… if only because I foresee a time when they won’t give a crap that your account was compromised unless you have the security keychain.

  5. missdona says:

    They should protect my account for free. I pay enough in my paypal vendor fees that they can totally supplement or alleviate this moneymaking strategy.

    Bastards.

  6. TheDeadEye says:

    “Since you’ll need to use your Security Key every time you log in to your PayPal and eBay accounts, we’ve made it small and portable.”

    Oh, screw that. I’m not going to go on a “find the dongle” hunt every time I want to check something on eBay.

  7. pete7919 says:

    Missdona -

    Maybe you fall under the asterisk? It’s says the fee is waived for Business accounts.

    I’m happy to be an asterisk. I think.

  8. LatherRinseRepeat says:

    This thing will probably be mistaken for a bomb. Someone please send a memo to the city of Boston.

    But seriously, $5 isn’t too bad. These things are usually $50 – $100 for the keyfobs. And the software itself runs in to the thousands of dollars.

    Is it really necessary? Probably not. If you’re savvy about phishing scams, update your passwords frequently, use complex passwords.. you should be fine.

  9. HaxRomana says:

    I’m thinking about all the people I know – relatives, coworkers, etc. that take at least 30 seconds to type their NAME, let alone a random six digit number.

    This will be super entertaining to watch.

  10. moooster says:

    The added benefit is only slightly more secure because there is an easier way around this authentication scheme. I’m guessing someone with basic personal information on you could bypass the use of the security key.

    From their Security Key FAQ:
    # What if I lose or break my Security Key?
    You can still log in to your PayPal account if you lose or break your Security Key, or if you don’t have it in your possession. Before you can log in, we will ask you to confirm your account ownership.

  11. warchild says:

    I used to work for a company for over 5 years who utilized the RSA SecurIDs (http://rsa.com/node.aspx?id=1156) for nearly every application we used. I know that these devices are somewhat helpful, but are not full proof at all.

    Yes, the number on the device does change every 30 seconds, however, from my experience with the company, many employees have had their work accounts compromised. Phishers would setup a phishing web site, you would enter in your username, password, and SecurID code then click on a submit button. It would send all that info via to the phisher instantly, while you are bringing up a second page telling you that your SecurID code is wrong, and to enter it again when it changes numbers. You enter it in again for the second time and yet again, it does the same thing for a third time.

    Now the phisher has at least a minute and two seconds to work with your login details. While the time frame does not seem to be large, it is plenty of time for them to do so. I have not personally seen it happen in the location where I worked at in the last couple years, but for the first three years it seemed to be the norm and the new employees would fall for it.