$5 Security

So I spent $5 on what is one of the most secure ways to do any online logins, in this case my PayPal account.  PayPal now offers a one time password token (OTP) to give its users a more secure login methodology.  Now instead of a username and password you must also provide the current passcode displayed on the token they provide.


The passcode is valid for 30 seconds upon which time a new passcode is provided and that passcode can only be used once.  I am sure you are all familiar with RSA SecureID or one of Canada’s own AuthAnvil (run by Canadian MVP Dana Epp) and this is really not very different.  The device has a serial number and once it is synchronized with the authentication server you are ready to go.  Now you have something you know (your username/password) and something you have (the passcode on the token) for a nice secure two factor authentication scheme.  This got me thinking, why isn’t this standard from all financial institutions?  I asked around with some people I know and there is no reason why it isn’t feasible.  The banks could do, like they do for credit/debit cards, centralize the authentication/token sync so that you could use one token for your different banks and accounts.

When compared to the smartcard technology they are just starting to implement on credit cards in Canada, which is pretty lame since they all still have magnetic stripes on the back with the data and they use the same PIN as your debit card, isn’t this a better route?  I was more than willing to pay the $5 to cover the costs which included shipping for the added protection and I’d even go as far as paying an additional fee every month with my bank to provide me a real level of security.  The token is small enough to stick on your keychain and as a backup you can authorize a mobile phone and get  a OTP sent to your phone via SMS for emergencies.

Doesn’t this make more sense than adding a smart chip but leaving the “dumb” mag stripe on the back?

Comments (3)

  1. Norm says:

    Hey Rodney,  this is a sweet find!  I had some trouble finding the product on the PayPal site, so I thought I would provide the link for any of your readers who are looking for it.


  2. Emery says:

    In Europe, similar systems have been doployed to secure online credit card transactions. It is a physical credit card holder that, when the card is inserted at the time of transaction, will issue a unique passcode to authenticate the transaction.

    There are over 2 million such units that have apparently issued to card holders and this technology is fast becoming the European standard.

  3. Anonymous says:

    Hot off the presses, or in this case the IE8 Team Blog , is the announcement that IE8 RC1 has been released

Skip to main content