PayPal Mobile Security Keys
VeriSign sent me a free PayPal Security Key after I mentioned that an unauthorized payment was done from my PayPal account. The security key acts as a new layer of defense as it has to be entered during login to complete the login process and gain access to the account. So, instead of just signing-in with a username and password, you need to enter the generated code as well to complete the process.
The key is an electronic device that generates a six digit key every 30 seconds. That six digit number is needed to login into PayPal,and can either be entered right after the password in the password field or on the next page.
The device can be ordered from PayPal or from VeriSign directly. It works at all websites that make use of the key including eBay and PayPal.
Note: The devices are no longer produced; PayPal introduced SMS and app-based authentication options in the meantime that you may enable under Security in the PayPal settings.
PayPal Mobile Security Key
PayPal introduced the mobile security key recently. It makes use of the same mechanics with the difference that the security key is generated by an official server and sent to the user's cell phone instead.
This offers a few advantages like increased mobility and no waiting time till the device arrives. It does however mean that the user is charged for every SMS by the cell phone provider which should not be such a big issue for users who log in to PayPal irregulary. Merchants who log into PayPal several times a day may want to use the hardware solution instead to save costs.
Users who want to order a mobile security key can do that once they are logged into PayPal. The option becomes available after the PayPal login. A click on the Security link in the top right corner of the website will load a new page with a link named Security Key.
A click on that link will display two options: To order a security key device or a SMS security key.
Update: PayPal has modified its website. You ened to click on the cog wheel icon at the top now after sign in, switch to the Security tab on the page that opens up, and click on Edit next to security key.
The device is called a ‘token’, just in case someone wants to learn more, google that.