cancel
Showing results for 
Search instead for 
Did you mean: 

How do I disable one-time codes

Options
maxigalera
New Community Member

I'm also concerned about this feature and wanted to support above comments with my message adding visibility. SMS one-time code shouldn't be considered as a default security feature and at least we should have the choice to disable it and leave only 2FA through an authenticator app, a physical key or whatever.

 

Hope Paypal fix this soon.

 

Cheers

How do I disable one-time codes

Options
VirusDancer
Member

Meh, yeah, happened to me today.  Woke up to see there had been a text sent to my phone.  I login to PayPal the normal way with password and 2FA.  There have been no withdrawals, but when I check the managed machines - I see a machine named ginna in there that had accessed the account.  I remove it, hoping that what it says about requiring additional security to login - but given this one-time code bypasses 2FA, I don't have much hope it will make any difference.  I did see the post about changing the number to a Google Voice number, but when I tried that they say it can't be a VOIP number.

 

There doesn't appear to be any sort of news coverage of the matter that might drive PayPal to make any changes here.

How do I disable one-time codes

Options
JawasForJesus
Member

Same thing here. Got hit with 4 one time requests back to back. Had a good 10+ year run looks like I'm removing all cards and info until this is resolved. RIP my paypal acc.

How do I disable one-time codes

Options
acegrrl
Contributor

I guess its goodbye Paypal for me.  Shocking how poorly secure this option is, and no way of turning it off!  

I have got 4 one-time codes delivered to my cell phone suggesting that someone is using my email to generate them, and probably has my phone number too, so high risk of getting access.

You can set up all the 2FA you want, but if someone has your email and phone number, they can get access to your account through this one-time code feature.

 

 

How do I disable one-time codes

Options
shooper6
Contributor

It's like nobody told the paypal team what the "2" in "2FA" stands for. If I can sign in with a six digit code sent to my phone with NO password, that's only one factor of authentication! What really blows my mind is that not only does it skip my password, it even skips the authentication app that I just set up. Meanwhile if I choose "use password instead" it makes me type in my 25 digit password and then put a timed code in from my app. Hopefully anyone who gets access to my phone will be polite enough to choose this option.

 

Until then, I will be removing my cell number from this account and putting a Google Voice number instead (thankfully Google actually has good security practices) and I will be removing my banks and cards from this account. I will also make sure my family does the same and refuse to pay for services through paypal until this is resolved. I thought it was bad that Venmo doesn't even support 2FA except for SMS codes but at least they still ask for my password. How embarrassing. 

How do I disable one-time codes

Options
Sea_Monkey
Member

Discovered this asinine security """feature""" after trying to set up TOTP 2FA and then watching it be bypassed entirely with an SMS code. What even is the point of all those other security options Paypal provides in its settings if it permits anyone to access my account with just an sms instead of the password. And then ignoring an issue for so long? Obviously I'm closing my account.

How do I disable one-time codes

Options
mattaw
Member
The irony of having to enter my password & 2fa totp code to reply to your post, yet an automatic code sent to my phone for transferring money is overwhelming. PayPal, is this a sick joke? We are not finding this funny.

How do I disable one-time codes

Options
shooper6
Contributor

Small update: I signed in a few hours ago to read the replies on this thread, and I was *still* given the option to sign in with a code which bypassed my password and authenticator app OTP. However, this time the code was sent to my email instead of my phone. I appreciate the slight improvement (assuming this wasn't some sort of fluke and an actual improvement made by the team) but to be clear that's still not good enough at all. 

How do I disable one-time codes

Options
Executor32
Contributor

I figured out how to switch it to email codes instead of texting them.

 

On the website, open the Settings page, then under Phone Numbers click "Change" next to your mobile number, uncheck the box next to "Send you text messages", and click "Done".

 

Or, in the app, tap your profile icon in the top right, then tap "Account info", then "Phone Numbers", then your mobile number, and turn off the toggle next to "Send you text messages".

 

Still no way to disable the feature entirely, unfortunately, but I trust my email account's security a lot more than I do my SIM card's.

How do I disable one-time codes

Options
veedub99
Contributor

Thanks Exe, that helps. Doesn't solve the problem but I will definitely do this.

 

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.