Mon Jan 22, 2007 5:52PM EST
I've done a couple of posts lately about password cracking and online security, and in your emails and comments I can hear your frustration: What is being done about this online epidemic?
Well, PayPal (one of the most heavily targeted financial websites) is finally taking steps in the right direction, with a hardware security key that makes cracking your account next to impossible.
Often called a security token, a security key is a small piece of hardware that's designed to be carried with you at all times (typically on a keychain). The device does nothing except generate a different six-digit number every 30 seconds. The number is generated by an algorithm on the key itself and by a matching algorithm on PayPal's servers, and there's no way to predict what it will be at any given time.
Now here's the trick: If you have the security key, when you visit paypal.com you're asked for the usual user name and password as well as the six digits displaying on the security key at the moment you log in. Assuming your password is also good, if the six digits you type match those that PayPal has generated, you're in.
Many businesses already use these keys for remote access, so you might be familiar with how they work. This is exactly the same premise: an extra layer of security, a code that only the bearer of the security token knows. If you want to obtain the PayPal Security Key, it will be available later this year (an exact date is undetermined), but you can keep tabs on it here. The keys are optional and will cost $5. InfoWorld has more details.
I have to say this is great news, and I'll probably sign up since I get several PayPal phishing emails every day, but security keys don't scale. If I have even six critical online accounts, that's a lot of hunks of plastic on my keychain. At the same time, a centralized version of this technology probably wouldn't work.
For now, though, this is a step in the right direction. Anyone have any better ideas for the future?
Join in the discussion. Here you'll see the comments in the order they were posted.
There is something even better that doesn't require any particular device attached to a computer. I know exactly how it can be done. I'm going to check with some people in my company and see if I can get the ball rolling here. If they don't want to do it I'll put the info out there so someone else can do it.
PayPal is beyond useless and horrible - I incessantly get emails from them with fraudulent names and charges. No one ever replies to my emails concerning requests for help. It has been going on for over a year and I've sent no less than 20 emails.
I completely agree with this guy. I have been using AlertPay.com instead and I have no problems. Especially when it comes to customer service.
1 Posted by dionh70 on Mon Jan 22, 2007 7:06PM EST
I've got a better idea using biometrics securely encoded onto a USB-capable device by a certified center, similar to a notary, that I plug into my PC when trying to log in to a secure website. The website will have a Flash plugin that looks for the P-n-P signature of the device on my system, and matches it to the biometric data that was already securely transmitted to the institution by the certified center. The Flash plugin automates the certification of my biometric data on my keyfob with the institution without actually accessing any data. The actual transaction is conducted with the latest encryption built into the browser software. All data is securely transmitted, with no personally identifiable data left on the machine so I can even use public terminals.