Archive for the 'Social Media' Category

As soon as I heard PayPal would be offering a $5 Security Key for additional security while logging in, I jumped on it. A few days later, it arrived in the mail. It’s a great idea, but I decided that carrying a little secure key that generates special numbers for the 3 times a month I log in to PayPal just wasn’t worth it.

For the uninitiated, two-factor authentication is when two separate methods are used to verify an identity. For example, a thumbprint and a codeword, or an eye scan and a smart card. The most useful in my and many others’ opinion is a one-time password token, like the PayPal/Verisign security key. This device, which is meant to be carried with you at all times (think: it belongs on your keychain, and you keep it in your pocket like a key), generates a series of numbers which depend on what time it is. This number, when combined with your password, provides a much more secure way of authenticating that it is really you who is logging into PayPal, and not just some guy from across the world who happens to have guessed or phished your password.
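As an added illustration (not code from PayPal, Verisign, or this post), here is how a server could check a password together with a time-based code. It assumes the RFC 6238 TOTP algorithm with a 30-second step and 6 digits, since the post does not say which algorithm the Security Key uses; `Account` and its fields are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid (RFC 6238 default; assumed)
DIGITS = 6   # code length (assumed)

def totp(secret: bytes, now: int) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step that contains `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Hypothetical server-side record: password hash plus the token's secret."""

    def __init__(self, password: str, token_secret: bytes):
        self.salt = b"constructed-salt"  # constructed; use os.urandom(16) per user
        self.pw_hash = _pw_hash(password, self.salt)
        self.token_secret = token_secret
        self.last_step = -1  # newest time step whose code was already accepted

    def login(self, password: str, code: str, now: int, drift: int = 1) -> bool:
        # Factor 1: something you know.
        if not hmac.compare_digest(_pw_hash(password, self.salt), self.pw_hash):
            return False
        # Factor 2: something you have. Allow +/- `drift` steps of clock skew.
        current = now // STEP
        for step in range(current - drift, current + drift + 1):
            if step <= self.last_step:
                continue  # this step's code was used before: refuse replay
            expected = totp(self.token_secret, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step
                return True
        return False
```

A guessed or phished password passes the first check but still fails without the current code, and a code that was already accepted or has aged out of the window is refused.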

OpenID is a relatively new technology where you store your personal information at a site called an OpenID Provider, and other sites then rely on that provider to authenticate you. You tell the OpenID provider that it is OK to let your target website use your information and the provider itself to authenticate you. After that, when you want to log in to this target site, you just need to be logged into your OpenID provider. Maybe this video will clear things up for you.

Some popular OpenID Providers are: MyOpenID, Verisign Labs PIP, and many, many more. I personally use Verisign Labs PIP, simply because I trust Verisign, an established security company, more than many of the other ‘mom and pop’ websites who now all of a sudden are OpenID providers. Call me elitist if you want but that is just how I feel.

So, good idea in theory, but I had a pretty big reservation about it. What if someone was able to get your OpenID username and password? All of a sudden, they have access to ALL of your websites that you use OpenID with, and you are worse off than if you just used separate usernames and passwords for each one. You do use different passwords for your website logins, right?

So, just today, I thought to myself: wouldn’t it be great to be able to use that Verisign-branded PayPal Security Key with my Verisign Labs PIP account? Lo and behold, a Google query later, and I find out that they are one of the only OpenID providers to provide two-factor authentication, and that my old PayPal Security Key works with it! Bingo!

I didn’t really find too much information online about how to hook the two up, so I thought I would put up an explanation to help others realize the security that this provides them.

1. Get a PayPal Security Key

All you need to do is go to the PayPal Security Key Website, sign in, and place an order for it. A few days later you get a little package with your key, and then you can feel special too.

2. Log in or Create an Account at Verisign PIP

The Verisign Labs PIP website has all of the information you need for signing up. Go through all of the steps needed to activate your account before proceeding to the next step.

3. Add your Security Key Credentials to your account.

Go to the “My Account” page, and at the bottom there is a section that says “VIP Credential”.

You will then be asked to enter the credential ID (the letters/numbers on the back of your key) and also to push the button to generate a one-time key.

Click add, and you are done!

Next time you log into your OpenID at PIP, you will see the following challenge after you enter your username and password:

At this point, you might be asking what happens if you don’t have your Security Key with you? Well, there is an alternative. They will send you a one-time PIN either to your cell phone via text, or to the e-mail account that you have on file with them.

This ensures that even if you don’t have your key with you, access to your websites can still be had. Just make sure your e-mail password is different than your OpenID password!

As an added bonus, they offer a Firefox plugin called “Seatbelt” that automatically fills in your OpenID location for you on sites that support OpenID. It’s nice to not have to remember your OpenID URL, which is username.pip.verisignlabs.com. It’s not overly difficult to remember but they definitely could use a more catchy URL.

So that is about it - with these two things, you should be sailing along with OpenID using two-factor authentication and minimal effort and money spent!

Twitter is a great social tool - halfway between an Instant Messaging client and e-mail. You can leave messages for people publicly or privately, and you can even import RSS feeds into your own Twitter stream. It has blog integration in that you can have your blog put every post you make into your Twitter stream (much like this one will be posted to my Twitter stream).

At first I thought the goal was to get as many people to follow you as you can. Then I read this post from Scobleizer that basically says: it’s not who follows you but who you follow. After mulling over this I realized it does make sense… I realize I’m not going to be as popular as some of the heavyweights on Twitter, and that really shouldn’t be your goal. My personal goal on Twitter is to be connected with others, see what’s happening, and maybe make some friends along the way.

An initial admission is probably in order: I don’t use a feed reader to follow news. I find that it is simply too much information to follow and much of it is duplicated content. I have a handful of websites/blogs that I visit on a daily basis to get an overview of general news (I am a news junkie) and I enjoy the format of websites and the associated images that go along with a story.

Along those lines, I found myself following some pretty neat feeds - @Makeuseof, @BreakingNewsOn, @nprnewsblog and others, which are basically imports of RSS feeds from their particular blog. Some of these ‘blog Twitterers’ also inject personal commentary into their streams.

After adding @engadget to my stream this morning it hit me: I am using Twitter as a Feed Reader! For those selected blogs that import their feeds into a Twitter user, or even those Twitter users that have a blog which is synced up to Twitter, I find it awesome to be able to see what is going on, without having to manage “feeds” - mark items as read, and maybe even get additional commentary on stories. No marking of read items, no ‘old unread’ information to deal with, just a constant stream of feeds sent live to my Twitter stream.

If I see an article I’m interested in, I click through (via the handy tinyurl link) and read to my heart’s desire. If it doesn’t interest me, I just ignore it. It turns Twitter into a social feed reader, where you can talk about stories to other Twitter users.

So will Twitter take over for feed readers in general? I think for some hardcore people, a direct feed is the only thing that will work. But for more ‘casual’ feed readers, such as myself, I think using Twitter as a feed reader is a great idea. Let me know your thoughts/experiences with it!

  • Welcome to systemBash, a technology and system administration blog by David Drager. If you enjoy this sort of content, you can subscribe to the RSS using the link to the right.