Paypal tries to get secure with new Security Key
Posted January 16, 2007 at 03:57 AM by Doug Berger
Section: Computers, Security, Gadgets / Other, Web, Websites, Miscellaneous
Ever since Paypal became the most used Internet payment site, they have had a huge problem with phishing schemes. Now, in an effort to combat such schemes, Paypal has turned to their new Security Key, a keychain fob similar to the ones that online banks have been using for years.
With the new device, a unique one-time-use password is generated every 30 seconds. Users will be prompted not only for their username (or email) and password as before, but also for this new number. Regular users will be asked to pay $5 for the fob, while business users will be offered one for free. The new layer of security may seem indestructible, but as Jason from Gizmodo points out, there are two scenarios where the Security Key’s number will no longer matter.
In one scenario, the phishers could somehow gain knowledge of your specific Security Key’s algorithm. This is obviously very unlikely, since finding any sequence in a series of 6 random numbers is nearly impossible. In the next scenario, a user is tricked into entering their username, password, and Security Key number into a phishing site, and the phishers then have 30 seconds to log in to Paypal. I’d say this is VERY likely to happen, although it will still cut out a majority of phishing attacks that exist today. Paypal, you’re off to a good start, but there’s still some work to be done.
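The 30-second window from the second scenario, seen from the server side, as an added example that is not Paypal's code or part of the original post: a verifier that accepts a code only inside its own time step and only once. The post does not say which algorithm the Security Key uses, so RFC 6238 TOTP stands in as an assumption; `totp`, `Verifier`, `demo`, the secret and the timestamp are all constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, as described in the post


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side: accept a code only in its own time step, and only once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used_step = -1  # highest time step already consumed

    def check(self, code: str, now: int) -> bool:
        step = now // STEP
        if step <= self.last_used_step:
            return False  # a code for this step was already used: replay
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False  # wrong code, or one from an expired step
        self.last_used_step = step
        return True


def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed sample, not a real key
    t0 = 1_168_920_000                   # constructed time on a step boundary
    code = totp(secret, t0)              # what the fob would display

    stale = Verifier(secret)
    fresh = Verifier(secret)
    return {
        # Submitted 40 s after display: the step has rolled over.
        "after_window": stale.check(code, t0 + 40),
        # Submitted 10 s after display: accepted, whoever submits it.
        "within_window": fresh.check(code, t0 + 10),
        # Same code again in the same step: rejected as a replay.
        "second_use": fresh.check(code, t0 + 20),
    }
```

Single-use enforcement stops a captured code from being used twice, but the first submission inside the window is accepted regardless of who relays it, which is the gap the post describes.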
Read [Paypal] Via [jkOnTheRun]