PayPal Community

In addition to being insecure, this feature is incredibly inconvenient for people like me who live in rural areas where we sometimes have wifi access, but not cell phone service (or vice versa). I go to log in on my wifi, but then my cell phone never receives the code because I don't have service. I have to drive 30 minutes to the nearest town and go to a library to get both wifi and cell phone service at the same time. This feature has made PayPal more or less unusable to me. In general, I wish any tech provider would ever consider the limitations that people living in rural areas have to deal with.

I also believe that a user's password should be required when electing to add PayPal as a payment method. (The option to allow re-entry of a simple code sent from Paypal to my phone to gain access to my funding is very insecure. My problem has been that on occasion, my teenager will simply enter MY email to add MY paypal as a payment method to THEIR Google Pay account and then then they will look at the code that was sent as a text to MY phone and then enter it on the prompt on THEIR phone. "POOF" my PayPal is now added as one of their payment methods on Google Pay. A belt does not always work. I enjoy having passwords for good reasons! Please eliminate the singular text code option asap! Thank you! I'm ok with the requirement of either password by itself or password and code, but definitely not ok with the text code as a stand alone option to gain access to my funding. Thank you! (I hope that someone that can shed light on this issue will read my concern, and recognize that it's a real issue with parents, in hopes of a possible rectification to the problem...but, unfortunately, I think that this may just simply be a chat helpline...) Any suggestions as to where I should direct my concerns? Thank you!

No suggestion on where to redirect.  Paypal is ignoring all of us on all known contact methods hoping we go away.

I agree. I have 2-factor with authenticator app enabled, and this one-time code completely bypasses that security mechanism! So if someone hacked a sim card, they would have insta-access to my account. I'm removing all of my accounts from paypal.

@PayPal_Natasha , please explain how this feature is meant to protect customers. 

 

If someone steals my phone, they can immediately make a purchase with Paypal without needing to know my password OR be able to get past the log-in screen of my phone, as these one-time text notifications pop up directly on the lock screen.  Who is this even benefiting other than potential criminals?

 

For one of the biggest payment processors in the world, this is an insanely stupid security risk and might cause me to drop Paypal altogether.  

I agree, offering to send a code to a phone, turning it on by default, and not allowing it to be turned off are all EXTREMELY insecure and unacceptable.  

What the hell have you guys been smoking?
How does a mandatory bypass of 2FA help anyone except unauthorised users?

 

I'm going to have to take my cards off Paypal.

How is this enabled for the protection of our customers? Anyone can log in to your account as long as they have access to your phone they do not even need to unlock the phone to see the one time code!! Logging in with your password should be enforced and if a second factor of authentication is configured it should be required too!!

 

This is not secure please provide a way to disable this feature!

What PayPal is doing here is the equivalent of forcing all their customers to leave their front door unlocked, and saying its "for their protection".
SIM swapping is common. That's all a thief would have to do. Forced SMS code login ability, with no way to turn it off, is pure madness. I struggle to comprehend how one of the world's biggest payment processors thinks this is a good idea.
@PayPal_Natasha- This feature removes protection from customers accounts. Please remove the feature or add a button to permanently turn it off.