Hello there!
I'm using a YubiKey for 2FA / MFA for PayPal. When trying to log in into my account using a mobile browser, PayPal says that my YubiKey cannot be used as it is not supported on mobile browsers. Well that's not true. Switching to "desktop view" allows me to use my security token. When PayPal detects the usage of a mobile browser it doesn't even try to check if the browser supports the necessary APIs for authentication using a security token. It just blocks any attempt.
It's even worse in the (Android) app where I can't switch to a "desktop view" like in my browser. Therefore I'm unable to use the PayPal app unless I setup another 2FA method like TOTP which I would rather not, because it's not as secure as using my YubiKey. So this workaround is not acceptable for me.
I'm guessing that PayPal is using the Web Authentication API. This API is well supported in all modern browsers (on desktop and on mobile). Please refer to this table for more information: https://caniuse.com/webauthn
I hope that the project management and the developers at PayPal will reconsider this decision.
