Today was too full of Paypal pain.

Amongst other things to activate my PayPal security key, I first had to delete all my Paypal cookies, as otherwise I was only offered the option to activate SMS based security.

But in my guise of being positive here is what I think Paypal needs to do.

1) Stop shuffling customers between websites, pick a domain and stick to it. Don't send me to Paypal.co.uk simply to forward me to paypal.com/uk, and then to paypal-marketing.somewhere else. I care about my online security I have to whitelist these manually for active content, even if I didn't I have to keep an eye on the toolbar to make sure I'm not being phished.

2) Stop advertising "http:"; URLs, use HTTPS only. Why encourage people to visit using an insecure system, when a secure one is only one letter more to type.

3) Stop promoting proprietary email verification and use well established standards for same, not new ones invented by people who couldn't encrypt their spaghetti letter soup. Everyone who understands security is using OpenPGP for email, do catch up it will be simpler in the end.

4) Make it harder to access accounts when a security key is not present.

I have a lot more suggestions but that'll get them started.