There has been talk of PayPal offering security keys for use with their site – as well as eBay’s website. The story recently surfaced on digg.com (it’s probably been on there 50 times before – it is digg.com after all). PayPal’s page on it is here. It is still in beta testing phase now, but if you give PayPal $5 then they will send you one of the key fobs. You then activate your account for use with the new key fob and your new login process will include entering your normal username and password, as well as the 6-digit number displayed on the key fob (which changes every 30 seconds). Two factor authentication.
This move is obviously due to the fact that eBay and PayPal customers are frequent targets of phishing attempts. By using a method as above those attacks become much, much more difficult to be successful. I applaud PayPal for making this move as a solution to the problem. There are several people that criticize PayPal for charging $5 for the key fob. I see no issue with that, it’s a token amount of money. These devices are not free and I am sure they realize if you charge just a little for something, only people who will really use it will ask for one. Why send a key to someone who has no real intention of using it. And if you give stuff away for free people will take it even if they have no intention of using it (my closet is full of T-shirts that I have and never wear only because they were given away for free from some convention).
The largest issue I see in the future with these measures are that one has the potential to end up with several of these key fobs from various banking sites and such if this becomes more of widespread practice. Just from sites I frequent I can think of three or four that I would like to see move towards this type of system. Despite that, I still think this is a good move by PayPal and am anxious to see how the system works for them.