This image was lost some time after publication.

Earlier this year PayPal introduced a security fob that generates a six-digit code every 30 seconds, meant as an additional layer of protection against online identity thieves. However, one user discovered a bug that makes the key useless in certain situations. By entering his valid PayPal login and password, answering a security question and entering ANY six-digit number, he can make a purchase. eBay and PayPal have been unable to reproduce the flaw, but Romero stands by his statement, claiming the key doesn't work as advertised. "For someone who's paid money for a Security Key and is thinking their wife or brother can't get into their account because they don't have the key fob ... they're not getting the security that they assume they have."