I asked eBay to explain their rationale for suggesting this switch. I received a response suggesting the change was more about bringing authentication in-house (the security key is made by Verisign) and that eBay hopes to offer additional multi-factor authentication options in the future. âoeAs a company, eBay is committed to providing a safe and secure marketplace for our millions of customers around the world,â eBay spokesman Ryan Moore wrote. âoeOur product team is constantly working on establishing new short-term and long-term, eBay-owned factors to address our customerâ(TM)s security needs. To that end, weâ(TM)ve launched SMS-based 2FA as a convenient 2FA option for eBay customers who already had hardware tokens issued through PayPal. eBay continues to work on advancing multi-factor authentication options for our users, with the end goal of making every solution more secure and more convenient. We look forward to sharing more as additional solutions are ready to launch.â
Although that doesn't fully explain why they felt the need to take things in-house. Possibilities that occur to me: 1. The backend they need to use for the old fobs is hellish to maintain. 2. Verisign charges them a lot of money and so some manager decided they should ditch the external methods for the sake of profit. Or some other sort of falling out between eBay and Verisign, but isn't it always about hope for higher profits? Speaking of... 3. It doesn't actually cost them much, but they want to develop their own in-house methods to then re-sell because upper management is still regretting spinning off PayPal and they want to create another such more universal middleman. Consider this the "??? Profit" possibility.