ORIGINAL VIDEO: PayPal Security Key First Look

Here’s a first look at the new PayPal security key. What it looks like, how it works, how to get it, and whether it’s worthwhile.

The thing with account security is it’s not the first thing that gets ya, it’s like AIDS, it’s all the other assholes the first asshole sells your account to that really rapes ya.

You can get yours from PayPal for $5 here. — BEN POPKEN


Edit Your Comment

  1. Kornkob says:

    We’re burning to know: who are you looking at off screen?


  2. Meg Marco says:

    John Stamos.

  3. r81984 says:

    I have one. It is really worth the $5 bucks.

    I wish credit card companies would adopt a system like this and bundle it with credit cards. That way you would need the physical card with the unique ID to use it online.

  4. nweaver says:

    I don’t. I don’t want one for each credit card, one for paypal, one for schwab, one for my bank, one for my VPN….

    There is a reason for PUBLIC key cryptography.

  5. Kornkob says:

    @meghannmarco: I always knew there was something creepy about Ben and now we know:

    Ben has John Stamos tied up in his apartment.

    On topic:

    Now, if only Paypal would start treating their custoemrs right….

  6. Ben Popken says:

    @Kornkob: The truth.

    Actually I’m watching the monitor of myself. I need to work on looking the camera in the eye.

  7. Meg Marco says:

    @Ben Popken: John Stamos.

  8. csnoke says:

    Hey tubby,
    Quit babbling on about your limited security system knowledge, youtubing about paypal.. and go run a mile.
    Your Cardiovascular System

  9. royal72 says:

    lol, how much you gettin paid to advertise paypal ben?

    seriously though, i already give paypal a shit load of money to use their service and now they want me to pay more for what’s their responsibility as part of the service i have already paid for?! uh, no thanks and fuck you paypal.

  10. B says:

    Credit cards and other financial institutions are required by law to have what they call “dual factor” authentication for online access. What it means is in order to access your account you need to provide your username/password and information that’s only available on some physical thing, like your atm/credit card. For situations where there is no card, they’ll require a security key like this one.

  11. mopar_man says:

    @royal72: This is how I feel about it too. Lately I’ve been using money orders a lot more to pay for items I buy.


  12. homerjay says:

    How long did you practice that ‘reveal’ in the first 5 seconds of this video? Looks like somebody picked up a copy of ‘Slight of Hand for Dummies’

  13. Ben Popken says:

    @csnoke: A good way to get your history of troll-like comments examined is to call the editor fat. Banned, jackass.

  14. CoolTri says:

    I just got mine about a week ago.
    The fact is that there are so may Phishing emails, being used. If you get tricked into giving up your PayPal/eBay login information your screwed.

    With this, if they do not have that Key number, they are not getting in. If you do happen to give that key number they will have less than 30 seconds to use that number or the information is useless.

    This will also make it more difficult for phishers to generate an authentic login page.

    This is kind of a double edge sward, it covers your back in and more importantly covers PayPal/eBay

  15. willy_wonka says:

    ben looks like max from saved by the bell. (and you’re not fat at all, ben)!

  16. bambino says:


    I feel a banning coming on….oh look there it is!

  17. spanky says:

    @royal72: I totally agree on the PayPal hating. I’d never use them. But recommending ways to make PayPal suck less is a good thing. Plus: That thing is pretty cool. I want one, even though I have no use for it.

    And thank you meghann, for pointing out the Stamos subplot. I almost missed the King of Comedy homage! (Hmmm. Pupkin-Popken. Coincidence?)

  18. FutureRoadie says:

    Free for buisness accounts! I just got mine yesterday (3 weeks after I ordered it.

  19. Ozyman666 says:

    But what happens if you lose it?

  20. kevjohn says:

    Could’ve done without the AIDS comment. The rest is just a *YAWN*!

  21. medalian1 says:

    I second the paypalsucks.com website. I usually include their logo in my auctions (yet they still bid and try to pay with PP, idiots!). This key is a giant pain in the ass per my friend. OK your sitting there at the auction and buying some crap. You go to checkout via paypal. You have to get off your fat ass and find your key.

    If people would stop responding to phishing scams this wouldn’t be needed.

  22. faust1200 says:

    @spanky: Lol!!! Pupkin->Popkin. I love that movie! Go see if your local video store has it in the comedy section and then laugh at them…laugh and laugh.
    Stamos IS single now isn’t he..hmm.

  23. grant0 says:

    @csnoke: Chugga chugga chugga chugga CHOO CHOO. Here comes the ban train!

    The AIDS comment was probably not wise, mind you.

  24. mefirst says:

    Have you ever had a friend die from AIDs? Ever met a kid that was born with HIV? These are sincere questions.

    If your’e going to enter scary territory while attempting to be funny, you should do it with appropriate levity for your surroundings–and I think a $5 piece of plastic to let you sit at home and click buttons for payment on other plastic objects is not worth the attempt at humor.

    What I’m saying is — I doubt you’d yell nigger fuck faggot in a crowded theater.

    Besides, the comment fell flat–all it points out is you’re angry about your sexual partners–why are *they* assholes? Didn’t you choose to sleep with them? ….unless you’re also being jovial about rape, in which case I guess any point in reasoning is about pointless.

    I wish I felt so much indignation about my shiny objects, must be nice up there. Most of us have more pressing things to worry about.

  25. dalasv says:

    I guess I really don’t understand how anyone could get taken in a phishing scam. I mean why not just always log in at the actual paypal homepage? Type it into your address bar and log in. Every email you get from “paypal” asking you to log in is always a phishing email, so you can pretty much just ignore them all.

    Of course, I’m on a Mac, so maybe there are some PC Malware tricks that I am unaware of.

    And yeah, everyone saying paypal should give these away is right.

  26. FreakyStyley says:

    The AIDS analogy was apt, kids.

    Self-righteousness makes baby Jesus cry.

  27. Juliekins says:

    @dalasv: Back in 2004, some of the Paypal phishing sites added insult to injury by infecting your PC with Bofra when you clicked a link in a phishing e-mail. It took advantage of an IE vulnerability. Still, a lot of less savvy users can and do get taken in by those e-mails.

    I do see a day when the two-factor identification via token will get out of hand, but for now I really love my PayPal key. (Sidenote: who thinks it will be necessary to cart around every single token for every single service you use all the time? I don’t.) I’ve encouraged all my family and friends that use PayPal to get one.

    nweaver, I’m not sure that “PUBLIC key cryptography” means what you think it means.

  28. Ben Popken says:

    @mefirst: Nope and nope. I used AIDS based on its mechanics: an attack that weakens your immune system, allowing for other diseases to infect. AIDS victims don’t die from AIDS, they die from pneumonia, and the like.

    I could’ve said, “it’s like an immuno-defficiency virus,” but I think the point might’ve been lost…

  29. Tim Matheson says:

    Hey Ben,

    Have you been hit’n the coffee? You look like me around 2pm after several double mochas. Just giving you shit. Your either really energetic or just plain wired.


    Tim Matheson

  30. elljay says:

    It’s standard two-factor security. One, you know (your password). Also you must physically have the key fob. (It changes the key every 30 to 90 seconds.) This is standard in most large companies for VPN, etc.

    In this case the ‘fob’ (the keychain thing) resembles a standard RSA SecurID keychain generator. http://en.wikipedia.org/wiki/SecurID/

    The security is outstanding. But if every site wanted to use this idea you’d need a huge keychain to keep everything sorted out.

    Good idea Paypal. I’m glad to see you’re intrested in your customer’s best security intrest. Unfortunately this implementation as it currently exists will not work as more vendors attempt the same approach.

    Overall we need a new version that supports two-factor keys across multiple financial (or otherwise) sources on one portable device.

  31. orbraveheart says:

    i like how they do online purchases here in Korea. you buy something online with your credit card or even just your phone number. it sends you a text message with code, you enter code into web browser and purchase is completed. almost everybody has cell phone here though, so not sure how well something like this would work in North America.

  32. Matthew says:

    I enjoyed this post, with Ben’s strange charisma in the video and the csnoke’s satisfyingly righteous banning. But the last thing I need is another easy-to-lose plastic gew-gaw. Maybe I’ll sing a different tune after phishers have emptied my checking account, but I don’t predict that happening. And until it does, this gadget would make my life less, not more simple.