Modernizing Authentication — What It Takes to Transform Secure Access
PayPal customers can now use their cell phones to authenticate their transactions through a new service that lets customers use SMS messaging (define) to get a randomly-generated access code to log into their accounts.
The service, called the PayPal SMS Security Key, is an extension of PayPal's current Security Key service, which uses a hardware token. However, unlike the current service, which charges customers $5 for the token, the new service is free. Customers will have to pay their carriers' charges for SMS services, though.
PayPal and its parent company, eBay, were the first sites to sign on for VeriSign's (NASDAQ: VRSN) Identity Protection (VIP) two-factor authentication service when that was launched at the 2006 RSA Conference.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i Two-factor authentication is where something the users know and something the users have, such as a hardware token, are both required to log in. Both PayPal and eBay are members of VeriSign's VIP Network, which has about 30 members. Anyone who is a customer of one member of the network can use the same authentication key to log in at the other members' Web sites, Jeff Burstein, senior product manager at Verisign, told InternetNews.com.
The services use an algorithm stored on VeriSign's servers to generate a unique six-digit security code every 30 seconds. Mobile phone users have to register their devices with VeriSign before they can use the PayPal SMS Security Key, Burstein said.
Customers using their mobile phones for authentication will have to re-register their new phones if their current ones are lost or stolen. In the meantime, they will be able to access their accounts by answering secret questions that they have set up to establish proof of their identity.