With account hacking and identity theft threats growing week by week, it is important for users and providers to do what they can to ensure their data is safe, secure, and as hack-proof as possible.
The simple username and password combination is no longer sufficient because of the security problems created by phishing e-mails that work in combination with forged websites. Some websites get so complex now that to retain all the login information, the usernames, passwords, magic numbers, PINs, the names of pets, high school mascot, and favorite color one almost has to write all of this down otherwise we would never remember it all.
However, some websites have dumbed the process down while making logging in as secure as possible with the technology available today. What used to be available only to partners or employees of organizations that were willing to dole the money out for these advanced technologies has recently been offered to the public for little or no cost.
Some time ago PayPal started allowing their clients to add one more layer of security to their account… a randomly generated number that changes every 30 seconds.Their site (www.paypal.com/securitykey,) which allows you to signup for this feature, also goes into detail about how this works. I’ll give you an abridged version.
You can go about obtaining this random number one of two ways.
The first way will cost you $5, and comes as a key fob. The serial number of the fob is assigned to your account, and every 30 seconds, a new number is sent to your fob. This method may be the most James Bond-ish, and will undoubtedly be a discussion piece from time to time, but personally I hate anything but keys on my keychain, so I opted for the other method.
A SMS/text message containing the security number is sent to your mobile phone upon request. This obviously requires that you A) have a mobile phone and B) are willing and able to receive text messages. Assuming you do, it maybe the quickest, easiest, not to mention cost free way to lock your PayPal account down even further.
So how does it work? After logging into your account the old way, and signup for this feature, an extra step in inserted into the normal username/password login routine. A new page appears asking you to enter your security key. A quick look at you key fob, or clicking “Send SMS” will get you that number. Enter it, and you are on your way as usual.
Some readers may wonder though how this makes their account more secure. Let’s look at a few situations.
Most common threat today is the phishing email. You get an email, with a link, saying you need to log into your account to accept a payment. I’ve seen such mails come in as SPAM, as well as legitimate mails to people trying to sell things on Ebay or Craiglist. Users click the link, and come to a forged PayPal site. Since it looks the same, some users proceed and enter their username and password. Now the thief in control of this fake site has your PayPal account credentials, can log into your real PayPal account, and transfer money, buy things, change your password, etc. Or wait… can they? Since you were smart and added this random number line of defense, while they may have your username and password now, when they get to the next screen asking for this random number, their theft attempt is thwarted.
It should be pointed out at this time that should you, or the thief in this matter, not have access to the random number (lost fob or phone) you can still access your account. In order to do that though, you need to answer a security question that the thief most likely would not know, like some various account numbers for example.
Another scenario, which my wife scares me with, is if you happen to enjoy writing your usernames, passwords, and often times the respective accounts/websites on a piece of paper and leave it in your purse, wallet, desk drawer. Here too, while I can read the lovely username/password list you left me on this spreadsheet on your laptop that I just stole, since I don’t have your phone or key fob… at least your PayPal account is safe.
The fact that you wrote your PIN on your debit card though… well until ATM’s incorporate fingerprint readers or retina scanners, there is no security to prevent against that kind of carelessness yet.
I suggest any PayPal users to check this out. It takes only a few minutes to sign up, an extra 15 seconds to login in the future, and really does offer a good line of defense. That address again is www.paypal.com/securitykey.
