PayPal Community

Only1KW · ‎Nov-01-2021

Recently when logging in, Paypal has started offering me the option of logging in with a one-time SMS code to my phone rather than a password. This seems incredibly insecure to me and I'd prefer not to have it on my account. I cannot find any way to disable this when I check my account settings. I've spoken with half a dozen agents at this point about this, and half have told me it can't be disabled and half told me they'd send me instructions on how to disabled it, but either the instructions never arrived or were not relevant. How do I go about disabling this feature on my account?

kernowlass · ‎Feb-17-2024

@tom_b_203

This 'thread' to which I posted to a few years ago is one that has been 'merged' with lots of other posts of folks asking the same question.

So I would have answered that persons query as a new query and probably gave the same advice as just like the first thread the answer could have been one of two answers given dependent on which 'code' they were referring to.

I didn't update my answer as a moderator posted below mine originally. However the second time if the person had clarified what they meant I could have given the correct answer to the issue which I believe is now fixed.

However if you feel you can do better then feel free to post the correct answer instead of correcting mine as I see you have helped so much in the past.....NOT.

Advice is voluntary.
Kudos / Solution appreciated.

darkchiaki · ‎Oct-08-2023

@kernowlass

It was not my intention to offend you personally. Sorry, I apologise for that.

Anyway, I think there is no advice possible, as this has nothing to do with 2FA at all. The only solution would be for Paypal to remove this "feature" in question, or make it a option disabled per default wich everone can enable.

7_4WarFuror · ‎Dec-06-2023

I have just finished a round of messages with PayPal and talked on the phone to 2 people there, including one on the "Security" team- LOL. I find it infuriating that the PayPal staff constantly refer to it as 2-factor auth, when it is clearly *not*. Then the security lady tells me, a 10-year+ customer, that maybe PayPal isn't right for me. They let you turn off autologin(though they intermittently turn it on again, requiring it to be turned once yet again)- they should let you forever disable one-time code access on your account. I *always* want to be required to enter my long, complicated password. This must be addressed.

7_4WarFuror · ‎Dec-06-2023

Here is PayPal's well-guarded mailing address. I am going to write and get a response in writing, hopefully from a knowledgeable and competent person. PayPal [removed] Omaha, NE [removed]

JanS2PP · ‎Dec-10-2023

Absolutely horrible "feature". It's neither secure and on top absolutely annoying to use. Like why do we live back in 2005 when I need an SMS rather than being able to just click open a notification from the app and confirm with my finger print? And then pretending it's secure? My dear, that's just pure nonsense. Get your game together for how much transaction costs you ask for.

7_4WarFuror · ‎Dec-20-2023

So I snail-mailed PayPal's Customer Service department, explaining the frustrations with this security **bleep**, and particularly that their staff does not seem to understand that this is not 2-factor authentication and it cannot be turned off. Their rep replies and says...wait for it....if I don't like 2-factor authentication I can go turn it off in settings. Absolutely infuriating, and very alarming, that so many people there cannot distinguish between 2-factor auth, which tightens security, and this stupid one-time code "feature" which greatly weakens security. I wish Brian [Removed] or someone would write about this to give the problem more visibility as I feel like I am just shouting into the wind.

Typhoen · ‎Dec-20-2023

That's insane that they think this is 2-factor authentication. It's 0-factor authentication. Here's how it works on a Mac and browser, with anyone who can get logged into the computer, either at the desk or remotely (via screen share).

1. Send one-time passcode to Messages. <Click>

2. Autofill code from Messages. <Click>

3. They're in.

That's how a remote hacker got into my PayPal account on my computer and went on a tear. The hacker tried but didn't get into my six other banking sites, because all those sites need a PASSWORD! PayPal just rolls out the red carpet for anyone on their page. "Just click here, and come on in!"

adampcompton · ‎Jan-23-2024

New year, new reply on this post, because this absurd feature is still present.

Just went to log in on a BRAND NEW PHONE (I did not import ANY old settings from my old phone) and got the option to "Log in fast with a one time code!" The code was sent to my phone and that immediately got access to my Paypal account.

Let's be clear, with this feature, ANYONE who gets access to your phone (or iMessage account on a computer) can immediately access your Paypal account with no further hindrance. Tagging a few more moderators to see if anything can be done. This is absolutely insane behavior from a finance company.

[removed]

SpiffSpaceman · ‎Feb-04-2024

Today PayPal chat agent told me the one time code is only available when I am at a trusted location (since they track that) and IP address.

“If your phone was stolen and someone tried to access and receive a code to login to the account, PayPal's security system will be triggered as we compare the IP addresses and the location as to where the person who is trying to access the account is. This will prompt the system for the user to put in the password itself to login successfully. You see, we always detect your location and if the location is not the usual place where you are logging into the account, our security system will be triggered.”
“ PayPal cannot remove this security feature however, you can activate your 2-factor authentication as we have more ways to secure your account with the 2FA by using third-party apps such as Google and Microsoft.”

7_4WarFuror · ‎Feb-05-2024

Interesting- in all my interactions with them on this subject, no one ever mentioned it. I will check as I am out and about in various places this week. I think the IP address part is a weak link- my phone is likely to have the same IP address(form my cell carrier) regardless of where it is, until such time as it is renewed(and maybe even after that). The location piece is different. I will see.

In the meantime, maybe I'll pen a letter to Elizabeth Warren about this. I'm not one of her constituents, but she *hates* the finance industry and their abusive practices. She'd latch onto this like an angry bulldog 🙂

PayPal Community

How do I disable one-time codes

Haven't Found your Answer?