Having recently listened to the series on multi-part authentication on the Security Now! podcast (particularly episodes 90 and 103), I got this (very inexpensive) PayPal branded security key to use with my eBay and PayPal accounts. The device is actually made by Verisign and they are currently testing it’s use with OpenID. I wouldn’t have previously recommended this for most people, but after reading today’s news about botnet attacks on eBay, I think that pretty much everyone should spend the $5 and get one of these.
Because I like gadgetry I’m sore tempted to do this. However, I don’t really use PayPal anymore so there apparently is no point.
This makes me sad.
I would still recommend it because of being able to tie it into OpenID via Verisign Labs. OpenID is getting wider adoption across many online services. The Verisign branded security keys are currently $30, whereas PayPal is subsidizing most of that for their users.