In early 2006, PayPal introduced an optional security key as an additional precaution against fraud. A user account tied to a security key has a modified login process: the account holder enters their login ID and password, as normal, but is then prompted to press the button on the security key and enter the six-digit number generated by it. For convenience, the user may append the six-digit to their password in the login screen. This way they are not prompted for it on another page. Using this method is required for some services, such as when using PayPal through the eBay application on iPhone.
This two-factor authentication is intended to make account compromise by a malicious third party without access to the physical security key difficult, although it does not prevent so-called Man in the Browser (MITB) attacks. However, the user (or malicious third party) can alternatively authenticate by providing the credit card or bank account number listed on their account. Thus, the PayPal's implementation does not offer the security of true two-factor authentication.
The key currently costs US$5.00 for all users with no ongoing fees.[48] The option of using a security key with one's account is currently available only to users registered in Australia, Germany, Canada, the United Kingdom and the United States.[49]
source : http://en.wikipedia.org
No comments:
Post a Comment