Paypal's security and phishing troubles have gotten so bad, they've decided to provide a hardware solution to the problem. This upcoming Security Key from Paypal generates a unique one-time-use password every 30 seconds, which you use along with your username and regular password to log into your account.
This way, even if phishers get your login and password, they won't be able to log into your paypal account without the oft-changing key generated by your hardware.
Two caveats off the top of our head. One, if phishers learn your specific keygen algorithm (unlikely), you're out of luck. Two, if they do manage to get you to enter the username, password, and key into a phishing site, they have up to 30 seconds to use that info to log into your Paypal account and transfer cash out.
Product Page [Paypal]