Security Key bug discovered

Nov 29, 2007 08:40 GMT

PayPal's Security Key was regarded as an extremely efficient way to stop phishing and other web attacks against PayPal members, as it generates a six-character code to be entered for authentication. Combined with a username, a password and an answer to a secret question, it should make breaking into an account practically impossible. At least this is what we know. But according to Channel Register, Chris Romero, an IT administrator, reported that the PayPal Security Key is not as safe as we are led to believe. It appears that he managed to complete some transactions using any six-digit verification code and not the one that should have protected the account.

But according to the same source, eBay representatives said that they couldn't find such a bug, as the Security Key technology works perfectly for them. Here's how it works: after the buyer chooses a product and loads the page to enter his PayPal information, he's asked to enter the six-digit code. Channel Register reported that Chris Romero entered a random code (the test was conducted on two different computers) and was allowed to complete the transactions. "Sure, the need for a valid username and password still exists, but Security Key doesn't work as it should," Chris Romero said.

"For someone who's paid money for a Security Key and is thinking their wife or brother can't get into their account because they don't have the key fob, they're thinking that my account is secure because it doesn't matter what anyone else has. They're not getting the security that they assume they have," Chris Romero told Channel Register.

The Security Key was implemented as a security measure for all PayPal members, so if it's not working, eBay will try anything it can to correct the issue. Keep an eye on the news to find out if the glitch is confirmed.