It isn’t often that I am impressed with an online retailers ability to manage security, regardless of how minor or even annoying most users would find the measures.
I recently changed the password on my Paypal account shortly after getting my act together and linking it directly to an empty bank account. I changed the password from a very basic easy to brute force one to a complex password. The change online was exceptionally easy to do, once I found where to change it, but what impressed me the most was the immediate followup email I received.
Dear Brett xxxxxx, This email confirms that you created a new password and selected security questions for your PayPal account on 8 Jan. 2009. If you didn't make these changes, please contact us at xx-xxxx-xxxx. Thank you. Sincerely, PayPal
It even contains a contact phone number for Australia rather than the traditional, email security@ or admin@ addresses you are normally provided with.
I don’t need to call them, however if they make the process of recovering your account if someone has changed your password simple, I am exceptionally impressed with their views on security.
After many of the down falls I have heard about Paypal in the past, this has raised my appreciation that Paypal may be taking security seriously and trying to actually compete with banks as a viable alternative for internet payments with the security that end users have come to expect.