PayPal is introducing another way of avoiding being phished: two-factor authentication. For $5 you'll get a keyfob that generates authentication codes that are valid for only 30 seconds at a time. You'll need the code from your fob (once you've registered it) every time you make a transaction through PayPal.
You won't be forced to get one (yet) - it's an optional add-on to your account.
That way, if someone phishes your code, they'll only have 30 seconds to use it - and as most of the damage is done by the people who get sold your log-in, further down the phishing chain, that's a good start. Though I suspect we'll end up with multiple
It's a similar process to RSA's SecurID tags, though according to my sources at RSA the PayPal tags aren't using RSA's technology. It'll be very similar; after all, it's all driven by the mathematics...
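The 30-second codes described above can be illustrated with the open TOTP algorithm (RFC 6238). This is an added example, not PayPal's or RSA's code: the post does not say which algorithm the fob uses, so TOTP, the `Verifier` class, the secret and the timestamps are assumptions constructed for illustration, and the single-use check goes one step beyond the 30-second limit the post mentions.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds a code stays valid, as with the fob described above

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 code for the 30-second window that contains `now`."""
    counter = now // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Server side (hypothetical): accept a code once, only in its own window."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1  # highest window already accepted

    def check(self, code: str, now: int) -> bool:
        counter = now // STEP
        if counter <= self.last_counter:
            return False  # this window was already used: replayed code
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False  # wrong code, or a code from an expired window
        self.last_counter = counter
        return True

def demo() -> dict:
    secret = b"12345678901234567890"  # constructed: RFC 6238 test secret
    server = Verifier(secret)
    code = totp(secret, 1111111109)   # constructed timestamp (RFC test vector)
    return {
        "code": code,
        "owner_login": server.check(code, 1111111090),
        "replay_same_window": server.check(code, 1111111100),
        "replay_after_expiry": server.check(code, 1111111110),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Deployed verifiers commonly also accept the neighbouring window to tolerate clock drift, which lengthens the time a captured code stays usable.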
It's also something geeky to hang off your key ring. Though I don't really fancy the obvious future where we end up having to carry fobs for all our main ecommerce sites, and for our online banking...
I suspect they're only available in the US at the moment, as I don't seem to be able to buy one...