I had a rather unpleasant experience with PayPal lately where someone transferred all the money from my account. PayPal was not very forthcoming and I do not know until today how this happened.
One of the first things that I did after this experience was to order a PayPal Security Key. I was contacted by VeriSign, the creators of those security keys, just a few days later and they sent me a key as well. In other words: I bought a key and got one from VeriSign for testing.
The VeriSign Identity Protection device can be used to add another layer of security to the login process. The PayPal Security Key mentions only eBay and PayPal and I'm not sure if it works with other websites and services that the VeriSign Identity Protection key works with.
The key is a little device that displays a six digit security code when a button is pressed. That code is active for 30 seconds after which it disappears again. The device has to be activated on the website that you want to use it for by entering the serial number of the device and two six digit codes.
Once a device has been linked to an account it has to be used to log into the account by pressing the button and entering the six digit code after the password on that website or by entering the login credentials normally and the six digit code on the next page where it is requested before the user can proceed.
The real benefit of this key is obviously that an attacker who is getting hold of your login credentials cannot log in into the account as the six digit number that is randomly generated by the device is required as well.
PayPal seems to heavily subsidize the key. If you order the security key at PayPal you receive a blueish-gray device for roughly 5€ while the VeriSign key is delivered in dark red for the price of $30. As I said I'm not sure if the PayPal key works with other services as well.
The VeriSign website offers two additional devices. One is the so called VIP Security Card (for $48), a credit-card sized device that seems to offer the same functionality and the SanDisk U3 TrustedSignins which works with SanDisk U3 devices but does not seem to come with additional charges.
This is definitely a step into the right direction and I strongly suggest to everyone using eBay and PayPal regularly to get one of those security devices to add another layer of protection to their account.
Note: Verisign seems to be part of Symantec now and the service is called as Symantec VIP now. The devices have been renamed Validation & IP Protection and are still available. You can purchase a VIP Security Token for $30 or a VIP Security Card for $48. There are also two new products: mobile apps for smartphones that are free to download and use, and desktop programs that are also free to use.
Hardware tokens are not available anymore; the site links to Amazon only, and Amazon lists the devices as unavailable.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.