GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
It has a window that generates a six digit code that must be added to your regular PayPal or eBay password adding a layer of security to the transactions. It generates a new code every 30 seconds. Somehow it must synchronize with PayPals servers. I speculating but it may receive a timing signal or sync code from the GPS satellites and then generates a code based on an algorithm using your serial number. (?) A pretty good idea.
It took about a week to receive my key. Upon receipt, I logged in and activated it using the serial number printed on the back and entering two successive security codes generated 30 seconds apart. It worked fine.
I had thought about putting it on my key chain but it was just a little too big, about the size of a flash memory chip or possibly a remote key lock for your car. It was just a little too much with all of the other real keys to keep in my pocket.
Two days after activation, I went to use the key. I pressed the button for a security code. It was completely dead. I called service at PayPal. After staying on hold to get a service rep, it took another 15 minutes wait for her to figure out what to do.
I was told to dispose of the dongle and order a new one. I explained that it was only 2 days old. She said they don't have a return or replacement system in place. I asked for a refund. "They don't have a return or replacement system in place"!
I guess I have to eat the $5.00!
It is a good security idea, especially if they can make it work. It is branded by Verisign on the case.
If you see this thing advertised on your next visit to PayPal, beware! You may end up eating $5.00.
Well, since I had to eat the $5, I thought it would be worth a look inside the dongle. It had a Panasonic CR2032 3 volt battery. It was reading slightly less than 2 volts so I guess the battery was dead. It looks old and tarnished. There is a single chip embedded in a blob of epoxy, what looks like a clock crystal in a cylindrical case held in place by a dollop of glue, one surface mount transistor, and about a half dozen surface mount discrete components, probably resistors and capacitors.
I unscrewed the board and looked underneath. It is dated October 30, 2006. The display is held in place by the case. Since it is a cmos display, it receives its signal through the in line rubber mounting strips that have the carbon channels embedded within that mate up to the display connectors. I have seen that before in hand held instruments I used to repair. It is reliable as long as it doesn't get wet or contaminated with salty sweat or water.
I don't see anything that looks like an antenna, either overt or built into the board circuit. Maybe my GPS guess was off base. I guess with a 30 minute security code window, it would probably stay in sync long enough to wear out the battery, which was only two days in my case.
The battery is serviceable, it slides out of the holder. A new battery would cost about half what a new unit would cost and it may lose its programming when you change the battery. There are ten labeled pads on the board probably for programming access.
A good idea but shipping with a dead battery and having no replacement system in place is poor customer service. I guess PayPal is pretty secure in their monopoly.
When you consider that a wristwatch battery lasts for literally years, with the thing powered up 24/7/365, I find it hard to believe that paypal can't provide a dongle that has a battery life of more than 2 days.
Rather, I suspect that your description of the battery looking "old and tarnished" is the key. Regardless of the production date on the device, the battery might be older, or the device might have seen a hostile environment.
I also suspect that the programming is kept in non-volatile memory (though of course that is just a guess).
Sounds like you didn't get a new unit, or perhaps the crate from Indonesia that the thing came over in was in a storm on the sea and some salt water intruded. Whatever.
It might be worth cleaning up the contacts and dropping a new battery in, just to see if it works. If it does (or if it doesn't) then flame paypal all over the internet; you certainly have cause to, but if it works then you have a working dongle without any further hassle.
edit:
Oh. I am sure you are wrong about using GPS to get a time signal. Easier to just have an NTP client embedded in the dongle and get the time off the internet from an NTP server. Alternatively, if they are only interested in relative time, it could just self-time, based upon a time mark it gets from paypal.
Our shop uses RSA tokens almost exclusively. We issue them to our clients for use in customer interaction. We usually see a decently high rate of token batteries expiring. I'm going to assume that these aren't just turned on before assigning/using them. When we receive ours from the vendor, they are already functional. I'm thinking that these are operating straight from the factory to a stockroom. One should not assume that their assigned token will be working for years on end. The batteries are not designed to be replaced (and the unit isn't designed to be opened).
$5 for a replacement isn't a bad deal...I know we charge tons more than that to replace our clients' tokens.
Agreed but two days works out to a cost of $2.50 per day. I doubt that your customers would accept a cost that high for using your service.
BTW, I didn't open the unit until the PayPal rep said to pitch it in the trash and order a new one at $5.00.
I'd consider two days of use the norm only when 2 days of use is the actual average. Flukes sometimes happen.
I highlighted the opening of the RSA just to highlight that this isn't a normal thing that everyone should be doing (meaning, the batteries aren't part of normal maintenance and that RSA tokens should be considered maintenance-free items...if it doesn't work, ship it back and get another).
Update: Paypal's customer service department sent me a customer service survey regarding the security key call to their department.
I filled it out stating that the security key had failed two days after receipt, that the customer service rep said the only thing I could do was to order a new one for $5.00 which I didn't feel was a fair policy.
They service manager agreed and shipped me a new unit free of charge.
I have had it a couple of days. So far, so good.
This is the only problem I have ever had with PayPal in at least five years of continuous service. I am pleased that it turned out well in the end.
Jeff
Last edited by jlgreer1; 11-05-2007 at 06:59 PM.
Reason: correct spelling error
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.