First Look at the PayPal Security Key for PayPal and eBay

First Look at the PayPal Security Key for PayPal and eBay

My PayPal Security Key came in the mail today. If you’re not familiar with the PayPal Security Key, it’s a small electronic device that produces a secret code that’s designed to make PayPal and eBay access more secure. The key is an oval shaped pieced of plastic with a button and a display. It also comes with a small, but heavy duty key chain attachment.

PayPal Security Key

The key is designed to be used in conjunction with a PayPal or eBay login. In order to use the key, it must first be activated. To activate the key, you must visit and click on the Activate Now button. (You can also request a PayPal Security Key from this page).

PayPal Security Key

The activation page requests that you enter the serial number located on the back of the key. After you enter the serial number, you then press the button on the key and enter the number that appears. The number will disappear after thirty seconds, at which time you have to press the button again and enter the new number.

PayPal Security Key

After you submit the serial number and the two secret numbers, you will then go to a PayPal Security Key Activation Successful page. The key also works with eBay, but must be activated separately.

PayPal Security Key

Activation of the key automatically changes how you login to PayPal or eBay. For example, after you login to PayPal, you will be presented with a page that requests the key’s secret number. You must press the button on the key and enter the number in order to proceed.

PayPal Security Key

This type of security is nothing new to corporations, but it’s the first time its been widely used with consumers. eBay chose to offer this type of security to help combat the recent rise in phishing attempts on PayPal and eBay accounts. Although there aren’t any full proof methods for consumer account security, this added layer of protection should make it much more difficult for criminals to gain access to user accounts.

Jon Henshaw
Co-Founder and President

Jon is the Co-founder and President of Raven Internet Marketing Tools.

Jon is the Co-founder and President of Raven Internet Marketing Tools.

  • Jacqulyn

    I have been trying to find out one thing. I may be incredibly stupid regarding this technology but how does the web page at Pay Pal know what your device number is? If it is transmitted through the ether, will I have the same trouble as my cell phone in remote areas like The Big Island??
    Thank you, JP

  • anon

    I haven’t read about it technology, but I am confident it’s relying on a shared mathematical algorithm which shares the same initial seed, thereby allowing both computations (on the server and on the token) to arrange at the same number every 30 seconds (once synchronized). For example (very loosely speaking), if you and I agree upon starting with the number 123456 (as the seed) and then recalculate a new value based upon the same agreed upon algorithm. If our algorithm is just to add 102030 every 30 seconds then the next number would be 225486, and then next 327516, and so on–and once it passes the ceiling (999999) it would rollover to 000000 and carryover the remaining addition. The main points are exchanging that initial shared secret (seed) the first time and keeping both ends synchronized.

  • Me

    What happens when the battery dies?

  • Bill

    And what happens if a husband and wife share the same account? Can we each have our own security key and can they both be registered to our shared account?

    Oh, and by the way, I think the idiom you want is “fool-proof”, not “full proof”.

  • Walter

    Well, assuming you can’t set the clock inside the key, you would have to pay to have a new one sent out to you. And hopefully send the old one back, but probably just put it in the bin. The battery in that sort of device should last for a good few years, however.

  • Julia

    The effectiveness of this device is questionable as using one of the virtual debit cards generated with PayPal’s provided browser plug-in and the key (these are only supposed to be good for one purchase), I was charged for 3 additional purchases including a $2200 charge to Canada Airlines (which I did not make). It is just this sort of thing that the key is supposed to protect the user against. I would additionally note that both the PayPal and the MasterCard people seemed relatively unfamiliar with how the system works and so resolving the issue has been time consuming and difficult. I cannot recommend using it.

  • Kevin

    This type of device is used by a lot of other systems for business email access, online file storage access and other things. They are very effective in that they generate a unique 6 digit password every 30 seconds. You will never use the same password to access these accounts twice. It is about the best type of security available as far as anything using passwords goes.