I use my PayPal account rather heavily so when I found out about the PayPal Security Key, I snatched one up right away. It’s only five bucks shipped and out of the box it leads you to set up your PayPal account with it in one step. It further points you to where you can use it with your eBay account in one more step.
I posted this photo because I was unsure of the size of the device before I got it. I was hoping it would be about the size of a standard key but it’s a tad larger. The hole for the key ring is also a little small but it includes a tiny bit for it to comfortably ride on a keychain.
Using the key is easy. Normally the device displays nothing. Press the button to get a number. When you submit your username and password in to PayPal or eBay it will give you a second step to put in the six digit number. You can also simply put the six digit number at the end of your password to save a step. The number changes every thirty seconds or so.
I was pleasantly surprised to I find out that this key is not just a PayPal and eBay device with a VeriSign stamp on it but it’s actually an RSA SecurID device that’s fully part of VeriSign Identity Protection. This means this key can be used for a whole number of sites especially being that VeriSign is also an OpenID provider. A bit more searching lead me to cavemonkey50.com with a list of a bunch of different OpenID opportunities that could be used with this Security Key if you have your OpenID account with VeriSign Labs’ Personal Identity Provider with your key bound to it.
Right now it’s only five bucks. So far I think it’s a pretty good deal.
Comments 3
Hi: I am the technical director for the VeriSign Open ID provider located at: pip.verisignlabs.com. I just finished reviewing your posting and I wanted to clear up a couple of comments.
First off the VIP network is exclusively Verisign’s and has nothing to do with RSA (think competition…:-)) and as such users of the RSA token system cannot use them on the Verisign network. The eBay and Paypal tokens are supplied to them by Verisign.
Second, in fact you can use your Paypal token on the PiP by effectly binding your account to the token. This is made possible by the fact that we are part of the VIP network. We are the only OP that supports this. So while you can use OpenID at any of the relying parties found on the list you must have an account on the PiP where you have bound your token to provide maximum security.
Hope that helps and welcome aboard!
Posted 23 Oct 2007 at 13:58 ¶Gary-
Thanks for the comment! I was truly misinformed on the RSA thing and think I wasn’t very clear regarding your second point. I’ve cleaned up the post. Thanks.
Posted 23 Oct 2007 at 14:25 ¶Nice find! I generate several hundred paypal transactions per month and this would be a nice added protection. I just ordered one!
Posted 25 Oct 2007 at 10:35 ¶Post a Comment