Wednesday, March 28, 2012

Dead Paypal Security Key

imagesJust on the off chance someone else has the same problem … My PayPal security key is several years old and last night it finally quit. It flashed these messages when turned on:

(some gobbledygook strange characters)
batt  75

I presume it means the battery was low, which wouldn’t be surprising. Well, should I just give it to my son to play with, or try to change the battery? I paid $5 for it but now they don’t even sell the key-chain model, and the credit-card model costs $30. Plus, I’m in Nigeria and it would take a good while to get a replacement.

I opened it up, which is fairly easy, and found a standard CR2032 lithium battery. I slid it out and slid in a new one. Uh oh, same error message! Well, let it sit for a while without the battery, I thought. So I took it out again, waited 5 minutes, then put the new one in. Now it just shows 88888888 no matter what! The button does nothing, the display does not turn off after a minute. Shorting some of the pads inside doesn’t do anything either. So now it’s no use even as a dumb toy.

It all makes sense, though. The key works by generating a 6 digit number every 30 seconds, and the number is verified by PayPal as belonging to your key. That means it’s tied to real clock time. If the battery is low and the unit thinks it may be unable to assure the accurate time, then it has to fail. Once that state has occurred, there should be no way to restore the correct state. Changing the battery doesn’t change the fact that the time has become suspect. Waiting 5 minutes before changing the battery probably put the key into a factory new state where it is waiting for programming.

Bottom line: If your security key fails, don’t bother trying to fix it. My own feeling is that it’s not worth $30 for the current credit-card-size key unless you have a weak password or are really careless with it, but then I might feel differently if I see a $3000 fraudulent charge on my account some day!