Either way, someone guessed, stole, or cracked their way to my paypal account, and bought a couple hundred dollars worth of shareware via SWReg.org. The funds came from a savings account so my first warning actually came from paypal, who placed restrictions on my account after the first couple login attempts failed.

I called up to report the fraudulent charges, and while the woman did helpfully explain that I could have done this all without taking my fingers off the keyboard, it was a good thing. Besides being incredibly nice to someone asking questions from the FAQ, She also gave me a little shpiel about their new security keys, and offered to send me one. Given my love of 1) free shit 2) security (present idiocy notwithstanding) 3) gadgets, I think you can guess my answer.

It's a VIP token, a pretty badass little toy. You push a button and it generates a 6-digit number that's good for 30 seconds or so, which you use when you sign into your paypal + ebay accounts. Not only that, but since it's made by verisign, you can add it to your PIP openID as well. Now, in addition to having changed all my internet passwords, I've got ridiculously strong security on anything that I sign into with OpenID. I'm using it for this site with openID+ v2.0(released friday), although the previous versions have been glitchy.

Unfortunately, I still haven't finished with paypal yet. I have a premier account, which at some point required a land line. I no longer have a home phone, so they have to physically mail me something, to restore my account.  That's just for the restrictions, though. They've already refunded the fraudulent charges.