PayPal users should I get & use the Security Key?

PayPal users should I get & use the Security Key? It's $5 btw. Thanks.

 

Well, I use it. It does add another layer of protection:
Something you know (password) + Something you have (key).

I keep it on my key chain. It's easy and fast to use. Just push the button and you get your 6 digit security code. The code displays for 30 seconds before it resets.

 

I bought it because I'm going to be pulling up stakes & using others computers for 1-3 months. So I'm leaning towards a little extra security for $5. Hope it gets here b4 I move. Thanks.

 

im confused about this.
ok so you type in your password and then press the button on the keyfobe and type in the 6 digit in to the computer and the servers verfy it?

the keyfobe is just a keyfobe with a button and little screen right?
so how the hell does the server know if that 6 digit code you typed in was the one on the device for 30 seconds?

 

"The Security Key creates the account access code by using a complex algorithm that's unique to your device."

PayPal info page

That's all I could find at PayPal. I know Steve Gibson spoke about the algorithm on Security Now (where I first heard about it), but I've forgotten the episode #.

 

Let's just say "it works".
When I don't type in the 6 digits from my token, log in won't work. So in case my defense on my pc is breached and some keylogger got hold of my password, without the number from the token (constantly changing) it won't work.

 

I got mine

 

I've got such a device from my bank, it works...

 

I can't find info on what geographical areas this offer covers. When I'm logged in on PP and follow the link to the orderpage i get this message:

I have tried several times over a period of days but no go.
Is it an offer for the US market only?

regards,
T

 

I've read on several sites that the key is currently available in U.S., Germany, and Austria. Supposedly PayPal will be expanding to other markets in the coming months.

 

Thx for letting me know, boonie.

Strange that the info on paypal.com doesn't say anything about where the offer currently is valid.

regards,
T

 

I was a corporate officer at a bank where laptop hard drives were encrypted, connected via VPN, and had the additional layer of challenge/response using a digital token like this.

 

This seems similar to the token device used by my sister to access her online work account. The password would be different each time when you wanted to sign on. I am not a heavy user of Paypal so I will pass. I don't need another thing dangling on my keychain.

 

Seems to be in principle the same like PIN/iTAN. Maybe the 30-second-key can be stolen by using a fake website?

However, i think not the authentification of the user is critical, it is rather more the amount of money that needs authentification.

 

That depends on what you use Paypal for and how much information you have already given them...

If you use it to receive money (and therefore have a linked bank account) then having an extra factor in your security could be worthwhile, though it won't protect from security breaches at Paypal's end.

If you use Paypal to make payments only though (via credit card) then there is far less point to it. You can protect yourself better by using throwaway Paypal accounts - for each payment, clear any existing Paypal cookie and create a new account using a one-time credit card number (see here for some options) and an email alias service like SpamGourmet.

This has the advantage of protecting you from breaches on Paypal's side (if someone breaks into your account, they can only access expired credit card data), it avoids the overheads of maintaining an account (having to change password/personal details, etc), makes it harder for Paypal to track (and subsequently market) your transaction history and, best of all, it protects you from any potential "cash grabs" in the event of a dispute.

If you use an anonymity service, it also means you can ignore Paypal's habit of suspending your account every time you access it.

In essence, you treat Paypal as an online financial condom - use once, wipe yourself clean, discard.

 

The Security Key (fob) is quite useful for anti-phishing. However, if you access your PayPal acct from different computers, then carrying the Security Key around with you all the time may be inconvenient. If you use only 1 or 2 machines, it may work better. A person may try out the fob to see if it works well. If not, the fob can be disabled in your acct settings. It can also be re-enabled in the same area. The fob is keyed to work with just 1 account so others cannot access your stuff by using another Security Key device.
It IS better than an email name and a PW alone.
Think about all those accts being cracked at AT&T mobile by using the person's phone # and clicking forgot PW, then doing the multiple guess security questions. "What car have you never owned? A) Lamborghini B) Ford C) Fiat D) Hudson? Take a guess, win the lucky prize - your own AT&T account! Order your limit of those new 16GB iPhones and sell them on eBay! (eBay and PayPal would profit!)...on and on....