Google authenticator for consumer

Gifter1
Contributor
Contributor
Posted on
‎Jul-03-2017 06:34 AM

I am a consumer and not a merchant, and thus cannot use Braintree.  Can I nonetheless use Google Authenticator for dual factor authentication?  My problem is that I am based in three different countries and so my mobile number keeps changing.  In addition, mobile numbers are more subject to hacking that Google Authenticator.   

Login to Me Too
Login to Reply or Kudo
5 REPLIES 5

aharpole
Contributor
Contributor
‎Jul-06-2017 09:34 PM

This is a real security issue. 2FA can make accounts much safer but not if they force you to use your phone number which becomes an attack vector. 

 

It just happened to someone I follow on Twitter today

 

Allow users to use tools like Google Authenticator.

 

 

Login to Me Too
Login to Reply or Kudo

Stuck-Up
Member
Member
‎Jul-09-2017 06:02 PM

SMS text messages are NOT SECURE!!!! e.g. https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/

 

(Voice phone calls may be a little bit more secure than SMS text messages, but not much.)

 

Please, PayPal, support some widely available 2-Factor-Authentication standard - like the TOTP used by Google Authenticator and many similar apps.

 

 

---

 

If TOTP using applications such as Google Authenticator is available, then ... I have not been able tio find it.  Certainly not on my computer account.   Some of your web pages suggest that some non-SMS form of 2FA is available (possibly for business accounts but not consumer accounts?) but https://www.paypal.com/myaccount/settings/securitykeys/add only mentions SMS.

Login to Me Too
Login to Reply or Kudo

fincle
New Community Member
‎Jul-27-2017 10:35 AM

Agreed, SMS messages are a pretty poor effort secturity-wise. They don't even support hardware options like U2F keys (aka Yubikey). I used to have an authenticator app setup, that is, up to a few months ago.  I bought a new phone and went to get all the 2FA google authenticator app stuff setup and I can not find the option anywhere in the security settings. 

 

Apparently this happened: https://www.mocana.com/blog/paypal-disables-two-factor-authentication-logins

 

It would be nice if the company were straitforward about what was going on, they have wasted 45 mins of my time looking around for where the correct button went on the controls screen.  The support help pages still have instructions for pre-2FA suspension and now we are stuck with insecure methods of account authentication.

Login to Me Too
Login to Reply or Kudo

0livier
Contributor
Contributor
‎Jan-18-2018 12:42 AM

Does PayPal really cares about customer feedback and requests ?

 

Topics around Google Authenticator (or equivalent TOTP based applications) is raised by customer for years !

SMS is not an alternative (does not work reliably everywhere) and Symantec VIP is... well no bad comment here.

 

There are tons of products and apps that are able to provide "Google Authenticator-like" services that perfectly integrates into customer security workflow (1password for example). 

 

It's a shame that PayPal still not provide a clear statement about this.

Login to Me Too
Login to Reply or Kudo

Aviopene
Member
Member
‎Feb-14-2018 04:06 AM

The answer is no, they don't care too much about security.

 

Please, read what's my "current status" right now: /t5/About-Protections/Google-Authenticator/m-p/1439019#M42306

Login to Me Too
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.