LoboLinks | PayPal Peace of Mind

PayPal Peace of Mind

Date Added: June 09, 2008 11:07:40 AM
Category: INTERNET
Your PayPal account is a gateway to your finances and your identity. Not only does your PayPal account include sensitive personal information, it also provides access to your bank and credit accounts. How much would you be willing to pay to protect this information? $100? $50? How about $5? For $5 you can secure your PayPal account so tightly that you could put your password up in skywriting and still sleep soundly at night. Not that you should. Put your password up in public, that is. You should definitely sleep soundly at night. That really can´t be stressed strongly enough, the value of a good night´s sleep. And after securing your PayPal account with a $5 token investment, maybe you´ll finally get one. A good night´s sleep, that is.

Good security is achieved through what´s called "two-factor authentication", which is a fancy way of saying "two forms of ID, please." It is often also referred to using the mnemonic "something you know and something you have." You´re probably already familiar with this concept. If you use an ATM card, you´re already subject to two-factor authentication: you first insert your card (something you have), and then you type your PIN (something you know). In the online world, the first factor or form of ID is your name and password combination (something you know), and to this is added the second factor, such as a hardware device that generates a random one-time password that is mathematically tied to you and only you (something you have).

The PayPal Security Key is a $5 device that is mathematically and uniquely tied to you and your account, and every 30 seconds it generates a one-time password that only it and PayPal can possibly know. Once you receive your PayPal Security Key in the mail, you associate it with your PayPal account by logging in and proving that you have the key in your possession by entering two consecutive codes that it generates. After this one-time association, every time you attempt to log in to PayPal, you must provide not only your username and password, but also the unique six-digit code generated by your PayPal Security Key. The code provided by your Security Key is random, and cannot be guessed by anyone even if they know everything else about you and your PayPal account.

The PayPal Security Key is small enough you can carry it with you on your keychain, and if you lose it, you can get a new one for $5. Without your username and password, the Security Key by itself is useless. Of course you should still practice safe password practices by using a long password with a combination of letters and numbers, and you should never write your password down. Just like you would never write your PIN on your ATM card, you should never make your Security Key available along with your name and password. PayPal even discourages storing the PayPal Security Key near your computer; this is good advice, particularly if you use a password manager on your computer to lock up your account information.