Google authenticator for consumer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am a consumer and not a merchant, and thus cannot use Braintree. Can I nonetheless use Google Authenticator for dual factor authentication? My problem is that I am based in three different countries and so my mobile number keeps changing. In addition, mobile numbers are more subject to hacking that Google Authenticator.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is a real security issue. 2FA can make accounts much safer but not if they force you to use your phone number which becomes an attack vector.
It just happened to someone I follow on Twitter today.
Allow users to use tools like Google Authenticator.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SMS text messages are NOT SECURE!!!! e.g. https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/
(Voice phone calls may be a little bit more secure than SMS text messages, but not much.)
Please, PayPal, support some widely available 2-Factor-Authentication standard - like the TOTP used by Google Authenticator and many similar apps.
---
If TOTP using applications such as Google Authenticator is available, then ... I have not been able tio find it. Certainly not on my computer account. Some of your web pages suggest that some non-SMS form of 2FA is available (possibly for business accounts but not consumer accounts?) but https://www.paypal.com/myaccount/settings/securitykeys/add only mentions SMS.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Agreed, SMS messages are a pretty poor effort secturity-wise. They don't even support hardware options like U2F keys (aka Yubikey). I used to have an authenticator app setup, that is, up to a few months ago. I bought a new phone and went to get all the 2FA google authenticator app stuff setup and I can not find the option anywhere in the security settings.
Apparently this happened: https://www.mocana.com/blog/paypal-disables-two-factor-authentication-logins
It would be nice if the company were straitforward about what was going on, they have wasted 45 mins of my time looking around for where the correct button went on the controls screen. The support help pages still have instructions for pre-2FA suspension and now we are stuck with insecure methods of account authentication.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does PayPal really cares about customer feedback and requests ?
Topics around Google Authenticator (or equivalent TOTP based applications) is raised by customer for years !
SMS is not an alternative (does not work reliably everywhere) and Symantec VIP is... well no bad comment here.
There are tons of products and apps that are able to provide "Google Authenticator-like" services that perfectly integrates into customer security workflow (1password for example).
It's a shame that PayPal still not provide a clear statement about this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The answer is no, they don't care too much about security.
Please, read what's my "current status" right now: /t5/About-Protections/Google-Authenticator/m-p/1439019#M42306
Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.