PayPal E-mail authentication
PayPal is one of the 2-3 most phished brands out there. That means they are targeted more often by phishing attacks than anyone else. If you use PayPal, then you need to be aware of the security capabilities they use to protect your account information. NetworkWorld had a recent interview discussing their security methods.
- Two-factor authentication – PayPal will issue you a token to more securely authenticate to your account. It costs $5 and you’ll have to carry it around. I definitely adds more security to your account, but you have to carry the thing around. Did I mention you have to carry it around? I think using a strong password will provide enough security.
- Signed e-mail – PayPal also used a technology called DKIM (domain keys internet mail) to add a digital signature to any emails they send to you. Many of the major email client (yahoo and gmail for sure) will tell you the message is signed. This verifies that the message is actually from PayPal and not from an attacker. Below you can see what the signature looks like in Gmail. The “signed-by” and “mailed-by” fields show that paypal.com has sent the message.
As usual, an ounce of awareness is worth a couple of pounds of protection. Your own knowledge is far and away your best defense.
*** This is a Security Bloggers Network syndicated blog from Security Mike's Blog authored by Mike Rothman. Read the original post at: http://securitymike.blogspot.com/2008/02/paypal-e-mail-authentication.html
