Over the next few months, eBay will be offering its PayPal users a new tool in the fight against phishers: a $5 security key. The security key is actually a small electronic device, designed to clip onto a keychain, that calculates a new numeric password every 30 seconds. PayPal users who sign up to use the device will need to enter their regular passwords as well as the number displayed on the key whenever they log in to the online payment service. "The key is really going to give users one more layer of security for their accounts," said Sara Bettencourt, a PayPal spokeswoman.
Because the numeric password changes so frequently, even successful phishers will end up with obsolete numeric passwords and will be unable to empty PayPal accounts. "If you fall for a phishing scam and give away your user name and password...if you used the PayPal Security Key, a third party couldn't get to your account because they wouldn't have this dynamic digit," Bettencourt said. The Security Key could be an important tool for PayPal, whose Web site is frequently spoofed by phishers looking to steal user account information.
View: The full story
News source: InfoWorld

email and you are stupid enough to give them your name & password.
5 bucks is a nominal fee to recover the cost of the dongle & shipping.
The key and the authentication servers are time-synchronized so that, based on the mathematical algorithm created for said key, the number generated by the key will be the same as required by the server...with said number changing every 60 seconds.
The device generates a number based on a certain algorithm, combined with a personal number thingie stored in the device. Also the timecode is somewhat involved I believe, but it may not be because of the unreliability of electronics to stay at the correct time.
The same algorithm as well as your personal code is stored at Amazon, so they compare what number should come.
I suppose instead of time the device used a sequential generator. That's what they used before (many web banks used them in the form of code cards before, where the numbers were pre-generated, and you had to remember what was the next number yourself).
In this way the device generated a number where the number of times it has been used is part of the algorithm as well.
The bank, or in this case eBay, then calculates the next 3 or so numbers, and sees if the number is the same as one of them; if it is, it resyncs to that number and accepts.
That's how they did it before and thus you always got a warning not to generate numbers when you weren't asked to, because more than so or so generations would unsync you, and you would need to resync at the bank.
However, with the latest 1 button to generate the number devices you get from banks now, or with Bank ID (e-ID anyway) (which I guess is the same thing as what PayPal will use), they do not give these warnings, so I'm not sure how they sync; they may just have a bigger buff, but that seems unsecure somehow.
I have to bring my Secure ID token with me every time I travel by plane for work, and I haven't had any issues with the security check over it.
For $5, it's worth it. I get a lot of phishing mails for eBay & PayPal. I've always ignored them, but must admit I got caught off guard once for my eBay, but I quickly changed my password about a minute later, once I realized it was a scam.
But if everybody used this it would put an end to phishing for PayPal.
I wish the banks and credit card companies would take notice and implement this as well. It's not perfect, of course, but it's an extra security step. It also beats phishing because even if someone ripped off your information they'd need to use it within a couple minutes of retrieving it for it to still work.
If it is only $5 forever, I will most likely buy it for my dad. If it costs $5 a month there is no way I'd buy it. I might do it for $5 a year.