If you struggle to remember a password on your mobile or computer when trying to buy something, things could be about to get easier.
The days of the lowly password are numbered.
The fact is that the way we users typically deal with having multiple passwords for our online accounts makes us too vulnerable to spyware, phishing and identity theft. Many of us rely on the same password, while many more of us only use three or four passwords. Ideally, the best password would be something like Az1f6&jWz - but you'd never remember it.
A consortium including PayPal and Lenovo, the world’s second-largest PC manufacturer, has launched a set of technology standards that could reduce reliance on passwords, potentially making online accounts more secure.
Under the standards put forward by the FIDO Alliance, the device a person is using to log in to an account would play a more central role in authentication. That would make it impossible to compromise accounts by stealing passwords, as hackers did in order to break into Twitter this month and LinkedIn last year.
Andy Steingruebl wants you to know that he's a glass-half-full kind of guy when it comes to information security.
The reason for this optimism is not strictly rooted in the groundbreaking work that Steingruebl, senior manager of customer and ecosystem security for PayPal, and his team are doing to protect users from today's assortment of internet threats.
A 22-year-old U.K. man was convicted for his involvement in a series of distributed denial-of-service attacks launched by the hacktivist group Anonymous against PayPal, MasterCard, Visa and other companies in 2010.
Christopher Weatherhead, of Northampton, U.K., was convicted Thursday at London's Southwark Crown Court on one count of conspiracy to impair the operation of computers, contrary to the U.K. Criminal Law Act of 1977, the U.K.'s Crown Prosecution Service said in a blog post.
Dangerous website flaws have been discovered in PayPal that grant attackers access to customer credit card data, account balances and purchase histories.
The holes — which still exist — were recently discovered by a security researcher.
One of the holes was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program. Neil Smith from Texas-based outfit Zing Checkout found that attackers could log into publicly accessible PayPal administrative sites via an authorisation bypass and a cross-site scripting (XSS) vulnerability.