Friday, September 28

A $5 Investment Against Phishing

This new device can help protect you against online scams and theft.

How safe do you feel with all your online accounts? I know when I really think about all the financial data I have on the web--technically accessible to anyone--I get a little queasy. I try to never click the links in e-mails to secure sites. But just when you think you're being careful--and lulled into complacency--an e-mail comes along containing a link that you click on. You realize you've just logged onto a financial site and the panic sets in.

I've done it myself--caught by a phishing e-mail. Should this happen to you, the best thing to do is immediately log out and close your browser window. As fast as you can, open a new window, type in the website URL--whether it be PayPal, your bank or your investment advisor--and log in again. Change your password and your heart will stop feeling like it's about to jump out of your chest.

Always make sure your wireless network at home is as secure as possible. I recommend using WPA over WEP, since WEP can be hacked by a junior high school student. Someone can pull up to the curb in front of your house and pick up your signal, log your keystrokes, get your passwords and drive away.

These are all pretty scary scenarios. But, VeriSign, previously known as the worldwide clearinghouse for credit cards and cash, has developed a new technology. VeriSign Unified Authentication provides two-factor authentication credentials through a one-time password token.

PayPal has embraced this technology through a new device, aptly named the PayPal Security Key, which looks like a small pager. PayPal generates a new--and different--security code every time you log in to your PayPal account. Just enter the security code displayed on the device's small screen after you enter your user name and password, and you're in.

Can anyone else pick this number up from your wireless network? Possibly. But the key code changes every 30 seconds, so even if someone does get the code, it will be invalid within 30 seconds.

If you're like me, the first question you have is: What if I lose it? You can still log in to your PayPal account if you can't find or break your Security Key. Before you can log in, though, PayPal will ask you questions to confirm your account ownership.

The device is available for $5 from PayPal. If you'd like your own Security Key, visit the security key area of PayPal. This technology will surely catch on with other financial sites, and technically, the device could handle codes from other companies. But only time will tell how this technology will progress.