PayPal SMS Security Key for tightening security

EBay's PayPal service wants users to take security more seriously. The newly recruited security device is the mobile phone with SMS service. Just before making a PayPal purchase, the user pings the SMS service (by clicking a button on the site) for a fresh one-time credential. The user types in the usual username and password info and logs […]

EBay's PayPal service wants users to take security more seriously. The newly recruited security device is the mobile phone with SMS service. Just before making a PayPal purchase, the user pings the SMS service (by clicking a button on the site) for a fresh one-time credential. The user types in the usual username and password info and logs in. The SMS service answers the ping with a six-digit number -- that is, the credential. The user types the credential into a field on the subsequent pop-up. If one's mobile provider has a nasty habit of delaying text messages, fear not; PayPal falls back to a series of security questions if the credential doesn't get through in time.

PayPal has made a two-factor effort before, and the new PayPal SMS Security Key is in fact closely related to the gadget-bsed PayPal Security Key, even using the same security infrastructure. The SMS functionality comes from VeriSign's Messaging and Mobile Division, which has been working with hundreds of carriers to build a global identity-protection system.

The entire PayPal program falls under the banner of the VeriSign Identity Protection Network. VeriSign itself, which offers a variety of authentication credentials, rates its own SMS one-time password offering as a 2 (out of 4) for both ease of use and security, but gives it the very best rating for support costs and ease-of-use. (The earlier Security Key version, in contrast, rates 3 for both ease of use and security, though it's a bit more expensive both to support and to deploy.)

Source:→ BetaNews