PayPal Rings Up Two-Factor Security
Your cell phone becomes the second part of two-factor authentication.
PayPal customers can now use their cell phones to authenticate their transactions through a new service that lets customers use SMS messaging (define) to get a randomly-generated access code to log into their accounts.
The service, called the PayPal SMS Security Key, is an extension of PayPal's current Security Key service, which uses a hardware token. However, unlike the current service, which charges customers $5 for the token, the new service is free. Customers will have to pay their carriers' charges for SMS services, though.
PayPal and its parent company, eBay, were the first sites to sign on for VeriSign's (NASDAQ: VRSN) Identity Protection (VIP) two-factor authentication service when that was launched at the 2006 RSA Conference.
The services use an algorithm stored on VeriSign's servers to generate a unique six-digit security code every 30 seconds. Mobile phone users have to register their devices with VeriSign before they can use the PayPal SMS Security Key, Burstein said.
Customers using their mobile phones for authentication will have to re-register their new phones if their current ones are lost or stolen. In the meantime, they will be able to access their accounts by answering secret questions that they have set up to establish proof of their identity.