InsideGoogle

part of the Blog News Channel

PayPal Unveils Security Key

Infoworld reports that PayPal, long a favored target of phishers and email spam, has come up with a measure designed to better protect its customers. For $5, any PayPal customer can order a little security keychain that displays a new password every 30 seconds. When logging into their accounts, those users would have to enter their regular passwords, then look on their keychain and enter the current password from there, too.

It’s a great idea, and one that’s been discussed and implemented on a smaller scale before. I’m glad to see PayPal, which is easily in the top 5 of all phishing scam targets, take a stand at protecting their customers. Still, five dollars is a barrier to adoption, and if PayPal’s users were interested in protecting themselves, they would have educated themselves, for free, on how to identify a scam (just because a logo is in an email, doesn’t mean it’s real!). I would suggest PayPal figure out how much money it makes off a customer, and start giving these out for free to anyone who’s a big revenue generator.

Considering how much information we now put in our Google Accounts, from credit card numbers in Google Checkout, to our email, schedules, IM conversations, search history, search cache (in desktop search), and many other pieces of information scammers might want their hands on, maybe Google would like to offer this sort of thing to their users? I’d probably buy a Google security keychain, if only for the geek points.
(via Neowin)

January 11th, 2007 Posted by Nathan Weinberg | PayPal, eBay, General | 5 comments




5 Comments »

  1. I think this could make matters worse rather than better! If the phisher sends the login straight through to PayPal it’ll most likely be within the 30 second life of the code, so nothing much would change. On the other hand users could rely on the new key and might therefore lower their guard against such attacks?

    Comment by Ed French | January 11, 2007

  2. The InfoWorld story also notes that PayPal Business Account holders will receive the Security Key for *free*. It’s in employee beta now and will be open to a public beta soon, so stay tuned! (Note: in the interest of full disclosure, I’m a PayPal employee)

    Comment by Michael | January 11, 2007

  3. GO-3 = Vasco = VeriSign = PayPal

    http://www.vasco.com/products/product.ht…

    http://news.com.com/2100-7355_3-6149722….

    .Jeffries
    http://tinyurl.com/yhuf8d

    VASCO is the sweet spot of this trend, and upcoming deals(SSSS) in Japan and with Paypal (!!!!) give us increased confidence in 2007. Price target increased from $15 to $17.”

    Comment by Cortebeeck | January 17, 2007

  4. “If the phisher sends the login straight through to paypal it’ll most likely be within the 30 second life of the code, so nothing much would change. On the other hand users could rely on the new key and might therefore lower their guard against such attacks?”

    I’m sorry but if someone is smart enough to use an RSA key and they still get phished, nothing will help them.

    Nothing.

    Comment by Evan Platt | February 9, 2007

  5. Scary stuff, do we really think this will help or just give the illusion of security?

    Comment by SEO | September 4, 2007
