Paypal Authentication Gets a Security Boost
Paypal users rejoice! Ebay's online payment platform should soon allow you to authenticate to their service via a secureID-like password generator.
The way the device works is simple. First, users will have to enter their username and password on sites accepting paypal payments. Then, they'll have to look at their password generator and input underneath the other information the 6-character numeric key they see displayed on its screen. This number will change every 30 seconds, preventing villains that are trying to get in the victim's account from successfully logging in, even if they are already in possession of the user's login information. The device will be completely platform and browser independant, so it will work anywhere you are, whether it is at the office, at home or on a $100 laptop in a school in the middle of the third-world.
For those of you who wish to learn more about the "Key" and are knowledgeable about computer security, you'll be pleased to learn that the device operates on Verisign's two-factor authentication system (PDF), a relatively new and very secure OTP technology.
The PayPal security key will cost $5 for common users and will be free for business users. There will be no recurring charges after that; the extra layer of protection is completely free. It will first be available in February 2007 to people in the US, Australia and Germany. If we consider the extra security this thing will bring you, I don't think anyone who uses paypal should ignore this offer. It may actually save you quite a bit of money if you ever are gullible enough to follow the instructions in a phishing email.