PayPal users should I get & use the Security Key?

Discussion in 'privacy general' started by zapjb, Apr 17, 2008.

Thread Status:
Not open for further replies.
  1. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,526
    Location:
    USA - Back in a real State in time for a real Pres


    PayPal users should I get & use the Security Key? It's $5 btw. Thanks.
     
    Last edited: Apr 17, 2008
  2. boonie

    boonie Registered Member

    Joined:
    Aug 5, 2007
    Posts:
    238
    Well, I use it. It does add another layer of protection:
    Something you know (password) + Something you have (key).

    I keep it on my key chain. It's easy and fast to use. Just push the button and you get your 6 digit security code. The code displays for 30 seconds before it resets.
     
  3. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,526
    Location:
    USA - Back in a real State in time for a real Pres
    I bought it because I'm going to be pulling up stakes & using others' computers for 1-3 months. So I'm leaning towards a little extra security for $5. Hope it gets here before I move. Thanks.
     
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,007
    I'm confused about this.
    OK, so you type in your password and then press the button on the key fob and type the 6 digits into the computer and the servers verify it?

    The key fob is just a key fob with a button and a little screen, right?
    So how the hell does the server know if that 6 digit code you typed in was the one on the device for 30 seconds?
     
  5. boonie

    boonie Registered Member

    Joined:
    Aug 5, 2007
    Posts:
    238
    "The Security Key creates the account access code by using a complex algorithm that's unique to your device."

    PayPal info page

    That's all I could find at PayPal. I know Steve Gibson spoke about the algorithm on Security Now (where I first heard about it), but I've forgotten the episode #.
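
An added illustration for the question above of how a server can check the 6-digit code with no connection to the fob (not part of the original thread, and not PayPal's or the device maker's code). The thread does not name the algorithm, so this sketch assumes the public time-based one-time password scheme (RFC 6238) as a stand-in: the fob and the server share a per-device secret and both derive the code from the current 30-second time step. The `Verifier` class and its parameters are hypothetical names.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, matching the 30-second display described above


def code_at(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226) over a time-step counter, which is what TOTP (RFC 6238) is."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side: holds the same per-device secret that was loaded into the fob."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps  # tolerate a fob clock off by this many steps
        self.last_counter = -1          # highest time step already accepted

    def verify(self, submitted: str, now: int) -> bool:
        current = now // STEP
        for counter in range(current - self.drift_steps,
                             current + self.drift_steps + 1):
            if counter <= self.last_counter:
                continue  # this step (or an earlier one) was already used: no replay
            if hmac.compare_digest(code_at(self.secret, counter), submitted):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"      # constructed sample secret (RFC test value)
    server = Verifier(secret)
    shown_on_fob = code_at(secret, 59 // STEP)
    print(shown_on_fob, server.verify(shown_on_fob, now=59))  # accepted once
    print(server.verify(shown_on_fob, now=59))                # replay rejected
```

A keylogged password is not enough because the code depends on a secret that never leaves the device or the server, and a captured code stops working once it has been used or its time window has passed.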
     
  6. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Let's just say "it works".
    When I don't type in the 6 digits from my token, log in won't work. So in case my defense on my PC is breached and some keylogger got hold of my password, without the number from the token (constantly changing) it won't work.
     
  7. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    757
    I got mine
     
  8. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I've got such a device from my bank, it works...
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,059

    Same here. I got one for PayPal, as I can see it being useful, and want to link a bank account, but just wasn't satisfied with password protection. This solves the problem.

    PEte
     
  10. Teknokrat

    Teknokrat Registered Member

    Joined:
    Apr 20, 2007
    Posts:
    95
    Location:
    First Life? (Sweden)
    I can't find info on what geographical areas this offer covers. When I'm logged in on PP and follow the link to the order page I get this message:
    I have tried several times over a period of days but no go.
    Is it an offer for the US market only?

    regards,
    T
     
  11. boonie

    boonie Registered Member

    Joined:
    Aug 5, 2007
    Posts:
    238
    I've read on several sites that the key is currently available in U.S., Germany, and Austria. Supposedly PayPal will be expanding to other markets in the coming months.
     
  12. Teknokrat

    Teknokrat Registered Member

    Joined:
    Apr 20, 2007
    Posts:
    95
    Location:
    First Life? (Sweden)
    Thx for letting me know, boonie.

    Strange that the info on paypal.com doesn't say anything about where the offer currently is valid.

    regards,
    T
     
  13. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    I was a corporate officer at a bank where laptop hard drives were encrypted, connected via VPN, and had the additional layer of challenge/response using a digital token like this.
     
  14. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    This seems similar to the token device used by my sister to access her online work account. The password would be different each time when you wanted to sign on. I am not a heavy user of Paypal so I will pass. I don't need another thing dangling on my keychain. :D
     
  15. SYS 64738

    SYS 64738 Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    130
    Seems to be in principle the same as PIN/iTAN. Maybe the 30-second key can be stolen by using a fake website?

    However, I think it is not the authentication of the user that is critical; it is rather the amount of money that needs authentication.
     
  16. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    That depends on what you use Paypal for and how much information you have already given them...

    If you use it to receive money (and therefore have a linked bank account) then having an extra factor in your security could be worthwhile, though it won't protect from security breaches at Paypal's end.

    If you use Paypal to make payments only though (via credit card) then there is far less point to it. You can protect yourself better by using throwaway Paypal accounts - for each payment, clear any existing Paypal cookie and create a new account using a one-time credit card number (see here for some options) and an email alias service like SpamGourmet.

    This has the advantage of protecting you from breaches on Paypal's side (if someone breaks into your account, they can only access expired credit card data), it avoids the overheads of maintaining an account (having to change password/personal details, etc), makes it harder for Paypal to track (and subsequently market) your transaction history and, best of all, it protects you from any potential "cash grabs" in the event of a dispute.

    If you use an anonymity service, it also means you can ignore Paypal's habit of suspending your account every time you access it.

    In essence, you treat Paypal as an online financial condom - use once, wipe yourself clean, discard. ;)
     
  17. DrWakk

    DrWakk Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    1
    The Security Key (fob) is quite useful for anti-phishing. However, if you access your PayPal acct from different computers, then carrying the Security Key around with you all the time may be inconvenient. If you use only 1 or 2 machines, it may work better. A person may try out the fob to see if it works well. If not, the fob can be disabled in your acct settings. It can also be re-enabled in the same area. The fob is keyed to work with just 1 account so others cannot access your stuff by using another Security Key device.
    It IS better than an email name and a PW alone.
    Think about all those accts being cracked at AT&T mobile by using the person's phone # and clicking forgot PW, then doing the multiple guess security questions. "What car have you never owned? A) Lamborghini B) Ford C) Fiat D) Hudson?" Take a guess, win the lucky prize - your own AT&T account! Order your limit of those new 16GB iPhones and sell them on eBay! (eBay and PayPal would profit!)...on and on....
     