Friday, February 16, 2007

PayPal Security Key is Pointless

PayPal just announced the release of the PayPal Security Key. It is a small, key-fob-style device that, when activated, generates a new 6-digit code every 30 seconds for you to log into your account with. Only a person who physically has access to the device can access the account. Pretty cool tech, and definitely secure. No one will use it.

The device is meant to make PayPal more secure and to keep phishing attacks from succeeding. Do they think that a person who does not even check the URL they are logging into is going to pay $5 (waived for business accounts) for a device they will likely lose and one that is required anytime they want to access their account? Not a chance. The larger sellers on the platform, PayLoadz included, are already aware of these types of attacks, have applied stronger password schemes, and always check the site. IE 7 and Firefox both have security warnings for phishing sites.

I guess they can point to the customers who were hacked and say they should have had a PSK, but that is after the fact. I guess I just don't get it.