If you have a PayPal or eBay account, or use OpenID to login to participating sites, then for $5 you can add a second layer of security that is virtually impossible to break unless the thief physically locates you and steals a little plastic device. The PayPal Security Key is a small, keychain-ready fob with a unique ID that’s tied to your account. It generates a new six-digit code very 30 seconds, which you have to enter whenever you log in. The down side is you have to have your security key with you in order to read the code. But the benefits are huge: you basically have a 2nd password that changes 2,880 times every day—and that isn’t available anywhere online.
PayPal is selling the security keys directly, although they’re made and maintained by Verisign. According to this technology blog, the keys “will work with many banks in the future,” but Verisign makes no mention of this anywhere on its site. However, if you have begun to use an OpenID on sites like Basecamp, Zooomr, LiveJournal, Technorati, and hundreds of others, then you can create an OpenID account through Verisign and use the security key with OpenID.
If you lose the security key, PayPal says there are ways to verify your account in order to regain access, but they don’t provide details on their website. So, uh, don’t lose it.
[Update: Ben says if you lose your security key, you can regain access to your account by answering a few additional security questions.]
PayPal Security Key [PayPal]
“PayPal’s New Security Key Opens a World of Possibilities” [CaveMonkey50]