Monday, October 29, 2007

I'm not your "pal"

Q: Why should I use the PayPal Security Key?
A: You shouldn't, really.

- my version of the PayPal Security Key FAQ
So I'm checking my PayPal account balance today, because I was supposed to get a refund from a merchant who couldn't ship a Halloween costume accessory in time, and I notice a sidebar image ad for the PayPal Security Key. It looks a lot like a VPN token card, so I click on the ad to read more about it. Yup, that's exactly what it is.

Just in case you've never had to deal with one of these things before: a VPN token is used for authenticating users to a secure network. The token is initialized by a network admin and displays a six-digit number which changes every so often. The same sequence of numbers is being generated inside the network, and changes in sync with your token card. When you try to connect to the network, you need to provide the current authentication token to prove that you're an authorized user.

But here's the thing. VPN tokens are annoying. They're chunky, they get lost easily, they're yet another piece of hardware you need to carry around. My company stopped using them altogether earlier this year, and life has never been better. (I'm only half-joking.) And PayPal actually wants their users to pay FIVE DOLLARS for the privilege of having to deal with this hassle? What kind of message does that send? "Hey, uh, so, our security is pretty good, but it's not, y'know, great, so maybe you want to add another security feature to your account? And, hey, it would be great if you could, like, chip in for that. Yeah."

To quote Dr. Evil: Riiiiight. Not gonna happen, sorry. And stop annoying me with those damn interstitial advertisements after I log in. Seriously. Just stop it.

No comments: