Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 21 Jul 2018, 11:53
All times are UTC - 4
 Forum index » Off-Topic Area » Security
PayPal does support VIP hardware tokens!
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [1 Post]  
Author Message
prehistoric


Joined: 23 Oct 2007
Posts: 1734

PostPosted: Tue 05 Jun 2018, 14:26    Post subject:  PayPal does support VIP hardware tokens!
Subject description: even though they make it hard to activate one
 

Some time ago I bought a box of hardware tokens labeled PayPal and VIP.

I figured this would enable me to add a one-time code from a physically separate device to my PayPal login, making it much harder to hack.

My next problem was that PayPal did not want to admit they still supported this, though I could see videos about people using them. There simply was no way to navigate my account pages using buttons to reach the page needed to activate 2FA with a hardware token. They mainly depended on text SMS messages, which present another problem due to vulnerabilities in SS7.

Here's the answer, though, as you might expect, the exact web pages have changed.

The trick is to enter the exact URL while logged into your PayPal account.
Code:
https://www.paypal.com/us/cgi-bin/webscr?cmd=_setup-security-key
I haven't found any way to navigate to that page without typing the URL.

For most people the free VIP app on a smart phone will be easier, and that should be more secure than simply sending an SMS text message over SS7. The problem is that programmable devices like phones can be hacked. Hardware tokens designed to resist tampering can't as easily be hacked. With a physically separate hardware token neither your mobile phone nor your computer ever has the seed that generates time-dependent one-time passwords.

What ain't in there can't be hacked.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [1 Post]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0219s ][ Queries: 11 (0.0032s) ][ GZIP on ]