Skip to content

I’ve been a huge proponent of two-factor (something you know and something you have/are) authentication for several years now.  I understand that nothing is 100% secure, but I haven’t seen anything better come along. 

I’d like to see more services provide this type of authentication option.  PayPal has a feature called Security Key that allows you to add two-factor authentication to your PayPal account.  LogMeIn has a similar implementation for even their free version of the service.  They allow one-time passwords as well as the use of SecurID cards.

I’ve used PayPal’s Security Key with some success.  I only have two concerns with it:

  1. It allows the user to bypass the security key for times when you don’t have your second factor available or the service isn’t working;
  2. The service isn’t 100% reliable (at least not the cell phone key).

I applaud PayPal for introducing additional security to their service. A system as important and valuable as PayPal needs to be a leader in online security. 

Unfortunately, when it allows the user to bypass the security key, it effectively voids the two-factor component and just asks the user for one or more things he already knows, thereby making the first factor a little more complicated and the second factor unnecessary.  The reason they do it is because the service isn’t 100% reliable. 

Even so, I’d like PayPal to allow the user to decide whether they want the system to allow an override of the second factor.  In this way, I can force all authentication to go through my security mechanism and, if it isn’t available or not working, I’ll just have to wait until it is.  I think that is a reasonable compromise.

Latest Posts

The Hidden Costs of Reactive IT: Why a Proactive Approach Is Worth the Investment

Reactive IT or relying on fixing IT issues only when they happen might seem easy, but it can

How Can You Protect Your Business From Third-Party Risks?

Most businesses today rely on third-party partners for products, services or expertise that help keep things running and

Third-Party Risks: How can your IT service provider help?

Running a business often means working with outside partners like suppliers and vendors to keep things running smoothly.