I came back from Birmingham today to find my Paypal security token arrived yesterday. It came with a nice instruction card on how to add it to your Paypal account. Only problem it’s wrong. I tried going to the Token link and logging it. It did not take me straight to adding the key. I had to go into my account page then clicking the link to the security key. From there it is straight forward to add it.
As an added bonus. If you use Verisign PiP for OpenID you can add the same token to logon authorization there as well. Then all you do is go to your account details. Click the Add Credential. It wants two fields to be filled in. The top one is the code on the back of your Paypal security token. The long number over the barcode, the token’s serial number. The second field is a keycode from the token. So flip it back over and press the button. Enter the displayed six digit number into the second field and submit.
Now when you log into Paypal or Verisign PiP you have to know your logon name, password AND the six digit number on your token at the time you sign in. There is a slight difference in how you enter it though. On Paypal, append the six digits to your password when you type in your password. On Verisign logon as normal and it will prompt you for the six digit code after you submit your name and password.
That is it. Now you have two factor authentication. Your password (something you know) and the code the security token provides (something you have). Without the token your accounts cannot be used.