Paypal tries to get secure with new Security Key
Ever since Paypal became the most used Internet payment site, they have had a huge problem with phishing schemes. Now, in an effort to combat such schemes, Paypal has turned to their new Security Key, a keychain fob similar to the ones that online banks have been using for years.
With the new device, a unique one-time-use password is generated every 30 seconds. Users will be prompted for not only their username (or email) and password as before, but they will also be asked to enter in this new number. Regular users will be asked to pay $5 for the fob, while business users will be offered one for free. The new layer of security may seem like it is indestructable, but as Jason from Gizmodo points out, there are two scenerios where the Security Key’s number will no longer matter.
In one scenerio, the phishers could somehow gain knowledge of your specific Security Key’s algorithm. This is obviously very unlikely since the chance of finding any sequence in a series of 6 random numbers is near impossible. The next scenerio is if a user is tricked into entering their username, password, and keygen in a phishing site, the phishers will have 30 seconds to login to Paypal. I’d say this is VERY likely to happen, although it will still cut out a majority of phishing attacks that exist today. Paypal, you’re off to a good start, but there’s still some work to be done.
Read [Paypal] Via [jkOnTheRun]
Keep up with the latest gadget goodness! - 
Subscribe to our feed →
WTF are you talking about. 9 out 10 phishing sites just log info for evil use later. So the key is 100% effective against that. The Algorithm is going to be slightly different for each fob, so good luck cracking it. If you want your blog to go anywhere, you need post articles that are actually useful. Its obvious you have no idea what you are talking about.
on October 21, 2007 at 05:37 PM - LINK