UER Forum > Journal Index > Av's Bloggy-thing. > Paypal's two-factor authentication has a big hole... (Viewed 5779 times)
Avbrand Blog Commenter 

Comments from the AvBrand Blog


AvBrand Blog Comment: Herb
< Reply # 20 on 3/27/2011 12:54 AM >
I just received the newest Paypal security key cards. The screen is blank at all times until you press hard on the "press" button. It totally disappears after a very short time. Pretty safe in my opinion. Whenever I push it again, a new code number appears.




Avatar-X 

Alpha Husky


Location: West Coast
Gender: Male
Re: Paypal's two-factor authentication has a big hole...
< Reply # 21 on 4/5/2011 2:52 PM >
Awesome. It sounds like they have made some improvements.




huskies - such fluff.
AvBrand Blog Comment: elfin
< Reply # 22 on 6/11/2011 2:02 PM >
Am I still able to get the old version of the security token instead of the card? I would definitely prefer the old version token to the card.




AvBrand Blog Comment: Bob
< Reply # 23 on 7/27/2011 5:46 PM >
I compared eBay's two-factor authentication to PayPal's.. and eBay's seems to be stronger?

The first reason is if you're unable to enter a code for whatever reason, eBay forces you to enter a code they tell you by phoning your home phone number.

PayPal offers no such feature, and allows you to bypass entering the code using your "secret" questions (which all family/friends know!)

Secondly, PayPal leaks the serial number of the device when it asks you to enter the code; eBay doesn't. Isn't this a flaw? Isn't this the seed??? Couldn't this help somebody who knows/reverse engineers the algorithm of this device better guess the codes?

If so, they should replace most of the serial number with X's.. while still allowing multiple device holders to use the correct device.

If you set up to use SMS messaging, it also leaks your mobile telephone number! This makes it really easy for friends/family etc. to target the correct phone to steal! The hacker just has to call the number and voila! If they're nearby, they know who to steal from.

Once again, this could be fixed by X'ing out most of the phone digits.

There's also the flaw of when using your serial number/credential ID on multiple websites, the owner of one of those websites could have malicious intent.. and share this value (which seeds the number generator) with hackers who already know your password.. or this person may be the hacker themselves.




AvBrand Blog Comment: Alex
< Reply # 24 on 4/17/2014 12:28 AM >
Hello, I would like to buy 2 yellow and white security tokens like the one in the picture. I tried to buy them directly from PayPal, but they don't have this model anymore. If someone has 2 for me and they are in good condition, please let me know, I am willing to buy them. Thank you! Alex.




Avatar-X 

Re: Paypal's two-factor authentication has a big hole...
< Reply # 25 on 4/27/2014 2:57 PM >
This is a blog; these tokens are not for sale here. Please contact PayPal.




huskies - such fluff.