Posts tagged ‘PayPal’

17 Mar

Inside the PayPal Security Key

This week I received my PayPal Security Key. Curiosity about the internal workings and origins of this device got the better of me, so I thought I’d share my findings with anyone interested while I ripped it apart and found out what made it tick. And then I went on to see just how secure this method actually is.

Background

A few months ago I was perusing the news sites and ran across an article that described how PayPal and eBay were going to offer a new authentication method that was immune to phishing scams, brute-force attacks, and general end-user gullibility tactics. They were going to start offering a security fob that generates six-digit codes that you use as part of your password to log into the websites.

Delivery

[Image: Envelope]
After I asked PayPal when they’d be offering them, they said that they would make them available to customers with business accounts by the end of January for a one-time fee of $5 (US). When it became available, I used my PayPal account to order one.
[Image: Contents]
This week my fob arrived via USPS First Class mail in a cardboard envelope that was slightly bulging in the middle. The exterior of the envelope had the PayPal logo on both sides and a sticker which I later found contained my fob’s part number and serial number in both bar code and alphanumeric characters.

The envelope contained an instruction manual, a list of ten security tips, a printed packing list, a wallet card with instructions (not shown), and a white cardboard box which contained the fob.

After removing the fob from the box, I was able to get an idea of the initial quality of the design. I wasn’t overly impressed and don’t think this device would hold up attached to my keychain. But I wanted to get a better look inside before I made my final decision on that.
[Image: Key Front]
The second thing I found that was odd was that the display was blank and only activated when you press the rubberized gray triangle button on the left side of the display. My only other experience with token-based security devices has been with RSA’s SecurID product, which is always showing a code and a time bar that shows how soon before the code changes.