New PayPal Security Key – Extra Security For People Who Are Probably Safe

PayPal is looking at a new security option to help safeguard its accounts from the frequent phishing attempts leveled at its users. The additional security comes in the form of a small electronic gadget that is sized to be on a keychain, like this one used by Purdue University. This electronic security key generates new numbers every 30 seconds. In order to log into your account, you would have to enter both your regular password and the numbers shown on the device.

It is like your username and password are your ATM card, and the numbers on the security key are your PIN. Only, it’s even better because your PIN is constantly changing. Basically, in order to do anything, a thief would have to get your card and your keys. (Now imagine a similar security key device that requires a code to unlock the display and you are getting to security that is pretty much unbeatable except by government agencies.)

The idea is that even if a hacker or phisher were able to get your username and password, they would be useless without the numbers on the electronic key. If they managed to get the username, password, and numbers, they would only be good for 30 seconds.
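An added example, not from the original post or from PayPal: a sketch of how a server could check such a rotating code, assuming the device implements the standard time-based one-time password scheme (RFC 6238), which the post does not state. The shared secret, the `KeyVerifier` class and the password are hypothetical, and clock-drift tolerance is left out.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, as described in the post


def code_at(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) computed over the 30-second counter."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class KeyVerifier:
    """Server side: checks password plus device code; each code works once."""

    def __init__(self, secret: bytes, password: str):
        self._secret = secret      # same secret is sealed inside the device
        self._password = password  # assumption: a real server stores a hash
        self._last_counter = -1    # highest time step already accepted

    def login(self, password: str, code: str, now: int) -> bool:
        counter = now // STEP
        ok = hmac.compare_digest(password.encode(), self._password.encode())
        ok &= hmac.compare_digest(code.encode(),
                                  code_at(self._secret, now).encode())
        # A code seen once must not be accepted again, even inside its window.
        if not ok or counter <= self._last_counter:
            return False
        self._last_counter = counter
        return True
```

The reuse check matters because the 30-second lifetime alone does not make a code single-use; the server has to remember the last time step it accepted.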

On the one hand, this is great security. In fact, some method of combining this type of technology with something like OpenID, so that it could be used on every website, would pretty much shut down phishing and password theft and cracking as we know it.

On the other hand, the PayPal security key is basically designed to stop phishing attacks where the hacker tricks the user into divulging their username and password. Not surprisingly, these methods work best on those who are the least security aware, or those who have the least understanding of website security, while those who are most concerned with security are likely to be vigilant and thus fooled only by the most sophisticated techniques.

In other words, this security device would best protect the people who are the least likely to get one, and do the least to protect the people who are most likely to get one.

And, while we’re at it, what about people with multiple PayPal accounts (a personal, and a business one, for example)? What about business accounts? If the guy with the number key device is out sick or on vacation, what then?

The bizarre part is the number of security improvements that could be made without requiring someone to order, buy, and keep track of another piece of hardware. ING’s online banking at ING Direct, for example, requires a user to choose an image and a phrase that validates that they are indeed looking at the REAL ING Direct login page before entering a password.

The image and passphrase display over a graphical numeric keypad where the user enters their PIN. Any phishing attempt would fail immediately when the user noticed that the picture and words that are always there are suddenly missing or different.

Even better, entering the password PIN requires clicking the numbers on the screen, so not even a keylogger can capture the password.

PayPal doesn’t even offer this basic security and its next move is an electronic security key?

I know I would feel much more comfortable if, when I clicked a button to pay with PayPal, I could see some sort of validation that this isn’t an elaborate deception that looks like I’m entering my PayPal username and password into my PayPal account when I am actually entering them into a form designed to look exactly like the original. All you need to pull off the scam on even the security savvy is a way to make the address in the URL bar say "PayPal" since that is the only means of validation PayPal currently offers.

Maybe PayPal should start by implementing some of the basics, and THEN worry about taking it to the next level.

Multi-Taskers In Trouble – Pseudo-Science Makes Great Headlines

A "news story" making the rounds the past few days details a "study" which says that multi-taskers are more likely to be distracted and make mistakes than non-multitaskers. At least that’s the conclusion they come to after dividing people into two groups, those who often have multiple things like television, videos, and music going at the same time versus those who do not and then showing them pictures of red and blue squares.

Basically, those who don’t always multitask were better at telling if red squares changed positions among red and blue squares than those who do multitask.

Just wondering, but could it be that people who are more likely to multitask are also more likely to be easily bored by things like, oh, I don’t know, watching red and blue squares?

These things always crack me up. Some scientists run a questionnaire, or do something like show people pictures, and then leap to huge sweeping conclusions like this. You want to study how multitasking does or doesn’t help or hurt your mental abilities? Compare people doing important things and see how it works out. I’ll bet that when it actually matters, the multitasking people have about the same error rate on their tasks as those who don’t multitask, especially if their multitasking allows them to do things in such a way that there is no need to rush later on.

Places running the multitasking story total 350+ already on Google News. Guess we’ll be hearing more about this before everyone (multitaskers and not) forgets all about it.

Why Multitaskers Stink at Multitasking – Wall Street Journal Blogs

Study finds people who multitask often bad at it – Associated Press

Drop that BlackBerry! Multitasking may be harmful – CNN

Study: Multitaskers ‘lousy at what they’re doing’ – USA Today

Self-Proclaimed Multitaskers Aren’t That Good at Multitasking – Lifehacker

Of course, what is really funny is that this isn’t groundbreaking. It isn’t even remotely original.  Consider these previous media flare-ups about multitasking.

March 2007 – Warning on the Limits of Multitasking

Nov. 2007 – Is Multitasking Driving You Mad?

July 2008 – The "Myth" of Multitasking

Now, if you will excuse me, I’m going to listen to some music while I write some more articles while downloading a rap about Arlington off of Youtube.

Good day.

     

The Limits of Technology

Every once in a while a news story comes along to remind us that any technology has its limits.

Yesterday, in Alabama, a semi-truck driver drove his rig into a 12-foot high tunnel. His trailer was 13 1/2 feet tall. There are sensors which detect vehicles over the height limit and activate flashing lights and a sign. The detector functioned properly, as did the blinking lights and signs. The truck driver drove into the tunnel anyway. The reason?

The driver’s GPS system had routed him and his truck this way.

No doubt, the driver saw the signals and hoped that there was enough wiggle room built into the system that he could get through. Truck drivers are often paid either by the route mile or a flat fee for a certain delivery, and stopping and going back to find another way would have been both time consuming and expensive. I’m betting he weighed the options and decided he would just hope for the best. That didn’t work out so well.

Technology Aids Not A Solution

Sometimes it seems as though our technology can do anything. GPS systems have made navigating the route to any destination easier than ever. The height detection system set up in front of the tunnel makes it unnecessary for drivers to know the height of their vehicles or loads because it will warn them if they are too high. But neither system replaces the need for human judgment and intelligence.

The GPS system does not calculate how high the tunnels are (it may not even know they are there, at least as part of the routing algorithm), nor does it know how high the vehicle is that is asking for the route. Both would require human knowledge and intervention, perhaps the trucking company distributing a memo or file to truckers in that region to not use certain routes due to low tunnel clearance.

And the warning system can’t apply the brakes for the trucker and make him turn around. The human behind the wheel must choose safety over expediency.

While additional (some still un-invented) technologies may have averted this specific incident, the simple fact is that the number of permutations involved in the activities of the world outstrips the ability to anticipate every one of them. In the end, technology can only be an aid to human intelligence, not replace it.

Twitter Quitters Don’t Get It, Or Twitter Stay-ers Just Really Wish They Were Actually Cool

Because I have no intention of registering for an account at ABCNews just to comment on its Twitter story, I’m posting my comment here.

Read the story here first. If you insist on skipping reading the original story, the premise is that Twitter IS a really great thing and if you don’t think so, it’s because you don’t get it. What you don’t get is that all of the reasons you think it is dumb are actually myths. (Silly non-Twitter enlightened user.)

Ah, the old modern art argument. It isn’t two blue squiggles with feces smeared on it. It is a revolutionary way to think about the enslavement of the working class in cubicles by the upper-middle class hairdressers who eat at McDonald’s. YOU just don’t get it.

I can’t help but wonder why the users of Twitter seem to be the only ones who feel like they constantly have to "enlighten" other people about how great Twitter is.  Does the lady protest too much?

Where are all the passionate defenses of Facebook and LinkedIn and other social networks? Why don’t they feel the need to constantly defend themselves? Could it be because there actually is intrinsic value in those networks, whereas you have to work really, really hard to make Twitter worthwhile to you? Maybe that’s because it is nothing but a bunch of junk. Or, perhaps more to the point, it is nothing more than people passing on amusing but worthless little stories and blog posts that, if you really wanted to, you could find on your own with the tiniest bit of effort.

I’m still on Twitter for that 2% of the population who thinks that means you "get" social networking, but frankly, I enjoy other sites much more.