How PayPal Will Fight Phishing and Password Cracking

Mon Jan 22, 2007 5:52PM EST

See Comments (6)

I've done a couple of posts lately about password cracking and online security, and in your emails and comments I can hear your frustration: What is being done about this online epidemic?

Well, PayPal (one of the most heavily-targeted financial websites) is finally taking steps in the right direction, with a hardware security key that makes cracking your account next to impossible.

Often called security tokens, a security key is a small piece of hardware that's designed to be carried with you at all times (typically on a keychain). The device does nothing except generate a different six-digit number every 30 seconds. There's no way to predict the number at any given time, which is generated by an algorithm on both the key itself and by a matching algorithm on PayPal's servers.

Now here's the trick: If you have the security key (pictured), when you visit paypal.com you're asked for the usual user name and password as well as the six digits displaying on the security key at the moment you login. Assuming your password is also good, if the six digits you type match those that PayPal has generated, you're in.

Many businesses already use these keys for remote access, so you might be familiar with how they work. This is exactly the same premise, providing an extra layer of security that only the bearer of the security token knows. If you want to obtain the PayPal Security Key, it will be available later this year (an exact date is undetermined), but you can keep tabs on it here. The keys are optional and will cost $5. Infoworld has more details.

I have to say this is great news, and I'll probably sign up since I get several PayPal phishing emails every day, but security keys don't scale. If I have even six critical online accounts, that's a lot of hunks of plastic on my keychain. At the same time, a centralized version of this technology probably wouldn't work.

For now, though, this is a step in the right direction. Anyone have any better ideas for the future?

Comments on How PayPal Will Fight Phishing and Password Cracking

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 6 Posted by sue_ann_green on Thu Sep 3, 2009 9:47PM EDT Report Abuse

    PayPal is a RIP OFF! They do not help resolve your issues when you do not receive the items you pay for. They tell you your dispute will be open for X number of days and you have to reply back before the deadline to keep you case open. I replied about 4xs before the dead line, they acted like they did not receive any of my e-mails and closed my account. I did not receive my money back nor did I receive the items I bought. This is a RIP OFF!

More Posts: First Prev 1 2 Next Last

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.