David Findlay

a man, a plan, a cake: nirvana

PayPal Security Key

I received my PayPal security key a couple of days ago. It's a device that generates a different 6-digit PIN every 30 seconds. Once activated on PayPal and/or eBay you have to append these 6 digits to your regular password. If you don't, it will ask you for the PIN once you've entered your password. According to the Director of Account Protections at PayPal, who was interviewed on a recent episode of Security Now, this is part of Verisign's VIP network, which is to include banks and such. So you should be able to use the same security key for your online banking, rather than ending up with a pocketful of dongles.

PayPal Security Code Page

The key worked for me to begin with, but then today both eBay and PayPal started rejecting the PIN I entered. Finally, PayPal made me go through the setup process again, to resync the server to the key's internal clock. Hopefully that won't happen too often. I also tried out the "I don't have my Security Key" option, and it just made me answer the usual security questions, so I'm not sure how much more secure the key is really making my account, but it's an interesting development nonetheless.