?

Log in

No account? Create an account

Previous Entry | Next Entry

Two Factor Your Paypal

Paypal is introducing another way of avoiding being phished: two factor authentication. For $5 you'll get a keyfob that generates authentication codes that are valid for only 30 seconds at a time. You'll need the code from your fob (once you've registered it) every time you make a transaction through Paypal.

You won't be forced to get one (yet) - it's an optional add on to your account.

That way, if someone phishes your code, they'll only have 30 seconds to use it - and as most of the damage is the people who get sold your log-in, down the phising chain, that's a good start. Though I suspect we'll end up with multiple

It's a similar process to RSA's SecureID tags, though according to my sources at RSA the PayPal tags aren't using RSA's technology. It'll be very similar, after all, it's all driven by the mathematics...

It's also something geeky to hang off your key ring. Though I don't really fancy the obvious future where we end up having to carry fobs for all our main ecommerce sites, and for our online banking...

I suspect they're only available in the US at the moment, as I don't seem to be able to buy one...

Comments

( 1 comment — Leave a comment )
megadog
Feb. 9th, 2007 07:35 pm (UTC)
"...Though I don't really fancy the obvious future where we end up having to carry fobs for all our main ecommerce sites, and for our online banking..."

The obvious answer being the third-party trust-mediator. Who in return for a fee (to cover the cost of insuring themselves against claims of mal-use and to make a fair profit on the whole deal) let you authenticate to them and in turn will present valid authentication to third-parties.

The logical extension of this being the emergence of private transactionally-authenticated securities [we already have the idea in Second Life's Lindens] - I'd really like to also see the emergence of Microsoft Dollars (Bill's Dollars not Dollar Bills?) and other free-market alternatives to State-backed transactional currencies. Who'll be the first to offer off-planet financial transactions where the 'value' is stored on a satellite well beyond the reach of those troublesome nation-state tax-authorities?
( 1 comment — Leave a comment )