PayPal Security Key
PayPal has recently introduced the new PayPal Security Key service and that’s what I’d like to talk to you about today! The PayPal Security Key service is essentially designed to add an additional layer of security to the existing PayPal authentication, which uses a username and password. If a user signs up with the PayPal Security Key service, they’ll be authenticated by using not only their username and password, but also by the additional security key generated by the service. The service is being offered in association with VeriSign ID Protection. VeriSign is an industry leader in online security and protection services. They’re bringing their expertise and experience into play. The PayPal Security Key will be usable on the PayPal Web site, on the eBay Web site and on any other site that displays the VIP (VeriSign ID Protection) logo.
Why a PayPal Security Key?
As you know, authentication on most Web sites is done through a unique username and password combination, but since that information is stored on the site’s server, it becomes susceptible to online security threats. For example, somebody may hack into the Web site’s server, access the username and password information and then use it to authenticate themselves onto the site. However, such breaches are rare and Web sites of large companies usually have very strong security measures to defend against such attacks. A much more common scenario is the log in information for a user can actually be stolen or overheard by a malicious user. That malicious user can then use it to log in to the Web site. The additional layer of security that the PayPal Security Key provides is a way to combat that problem.
With the PayPal Security Key, even if a malicious user does gain access to your unique log in information, they still can’t get ahold of the security key this service provides you. Therefore, it’s quite impossible for them to be able to log in to your account.
How Does the PayPal Security Key Work?
The best feature of the security key is it’s literally unique every time you use it. Each time you need to log in, a new key is used. Even if a malicious user was lucky enough to get one such key, it doesn’t matter, because the next time you log in, the key will no longer be valid. Cool, huh?!
The way a user gets the unique key each time works in two different ways:
1.) Security Key Token: PayPal sends you an electronic device called the Security Key Token, which generates a unique six digit number every 30 seconds. When you need to log in, you simply turn on the Security Key Token and use the number it generates for you.
2.) Mobile Phone Security Key: When you need to log in, you request a key on the PayPal (or eBay) Web site. A security code or key is then sent to your mobile phone via a text message.
How Much Does the Service Cost?
The Security Key Token has a one time cost to receive the electronic device, which is $5 at present. Of course, if you were to lose the key, a request for a replacement is required and that would cost $5 as well. The Mobile Phone Security Key has no cost whatsoever. Bear in mind, however, that your cellular provider will charge you for the SMS text message. You’ll simply be charged whatever your provider normally charges for a text message.
Are There Any Potential Issues with the Service?
Of course, there are potential issues with any new service. The problem in this case is, for some reason, you may not have access to the Security Key Token device or to your cell phone at all times. But if that ever happens, you’ll still be able to log in using a set of security questions.
Fortunately, it’s hard to have your username and password, as well as, your security key compromised. For one thing, as I mentioned before, the key changes every time you have to log in, so getting a single key or security code is useless to a malicious user. Alternatively, even if a malicious user was to find a Security Key Token device, they’ll still be unable to use it, because they don’t know what account it’s linked to.
Note that you’ll need to have either the Security Key Token or a mobile phone (with a plan that allows you to receive text messages) in order to use the PayPal Security Key service. Additional information is available here if you’d like to know more. I hope you find this tip to be most useful!
~ Stephen Davies