PayPal key fob's on the job

PayPal launched on Friday its security key fob, a little device designed to thwart password-stealing bad guys who are out to pilfer your online payment account.

PayPal, owned by online auction behemoth eBay, says its PayPal Security Key will generate a new security code every 30 seconds, which people will enter along with their log-in and password for their eBay and PayPal accounts.

PayPal, which initially announced in January plans to increase security via a password-generating key fob, will charge $5 to PayPal and eBay account holders in the U.S. The plan will be expanded internationally.

Various versions of two-factor authentication have been circulating on the market for a good number of years, from password-generating tokens, otherwise known as key fobs, to chip-embedded smart cards.

But problems also exist with these additional layers of security.

Think memory lapse. Imagine trying to access your eBay account as the minutes tick down on an auction you're bidding on, but the key fob is nowhere to be found. Do the words, "Where is that **** thing?!?," sound familiar?

And for people whose key chains rival that of your friendly maintenance worker, imagine throwing a few key fobs into the mix.

I better start paring down my key chain and drinking Ginkgo now.

[kgovert007]

What??

"Think memory lapse. Imagine trying to access your eBay account as the minutes tick down on an auction you're bidding on, but the key fob is nowhere to be found. Do the words, "Where is that **** thing?!?," sound familiar?"

Uh......Why would you need your paypal key fob when you are BIDDING on an item??

[chigirlmi]

uh-duh

you need the key fob because you need it to SIGN IN to your ebay account, which is where you would be if you were bidding! :)

[skswave]

let's get paypal to use the TPM we already own

With over 50 million laptops shipped that have a Trusted Platform Module TPM on the motherboard and with over 150 companies supporting this hardware authentication standard why should I have to pay 5 bucks when I can use the TPM that is already in my machine. in addition, a TPM will authenticate to the account without having to put in a new number every time and if I have a laptop with both a Biometric and a TPM then I can use my fingerprint to logon using industry standard methods. It's time Ebay and Paypal use the tools that all of us will get for free with our new machines.

Steven Sprague
CEO
Wave Systems Corp.

[Dachi]

Huh?

So instead of paypal handing out $5 key fobs, they should hand out $2,000 laptops?

Granted, $710,671 in compensation would probably change my mind too :)

[patkohler]

sure

We can get the whole industry to use your companies hardware. Not sure when stocks will become available, but if people seem to adopt these little keys it might put a damper on your business, your compensation as CEO, and the shares of your investors. I bet that since the little keys are only going to be $5, that they are not planning to get rich quick. Using the keys system rather than your companies solution, means that everyone can safely sign in without having to buy a new computing device. Also, I am sure that eBay and family have done research and concluded that the keys they produce are a better solution. Given that they took the time and money to build a confab to produce these keys, they will probably not be abandoning this solution anytime soon.

[8ball629]

I'm not sure...

I don't really know anything about TPM (and that will become obvious with this comment/question) but wouldn't that mean you could only use your PayPal account from one box?

I could be wrong but if TPM provides a unique authentication based on the hardware within one box then I would think trying to use your account from a different box would be difficult.

Also, doing something like this would be too much dependencies on the consumer. If a user has ancient hardware, how are they going to use PayPal (with TPM authentication)?

I may be way off course but this comment was more of a question about your suggestion than anything.

[jonhenshaw]

Problems with using it with eBay

My fob broke and I was able to deactivate it with PayPal, but not
with eBay. The ONLY way to deactivate the fob with eBay is to
have them call your home phone. Well, as in my case, the phone
number they have on record is no longer in use. So what's my
other option so I can regain access to eBay? There is no other
option. Speaking to eBay customer service was useless and they
ultimately told me to talk to PayPal (who can't do anything about
it, because it's an eBay issue). So their not-well-thought-out
policy is ruining what could have been a nice security feature.
Now I'm just indefinitely locked out of my eBay account until
they revise their policy.

[turtlecatpurrz]

There Goes More Web Accessibility

Oh Wow, what a great idea. Oh, Wait... There is no way to use it as a blind person. Damn. Um, so, what other options have I got? I am getting so tired of hearing about ways to make products more secure that also make them inaccessible to the blind consumer. Captia, Anyone?

In the physical world, I can find my way around most of the tricky little issues that crop up. For instance, to cross a street, all I have to do is listen for traffic that is moving the same direction I am, because the cars that move in front of me won't be trying to move through them. On the web however, I just keep finding all these obnoxious security road blocks, and I haven't quite found a way around them yet. I thank anyone who uses Audio Captia as an alternative to the picture only options. It makes my day a lot easier.