Backup codes?

iyak
Contributor
Contributor

In 2FA setting, does PayPal provide backup codes, just in case of phone / authenticator loss?

Login to Me Too
32 REPLIES 32

408wij
Member
Member

Created a log in to add to the chorus calling PayPal a bunch of morons for not handling this properly.

Login to Me Too

CallMeDave
Contributor
Contributor

I'm stunned to see there is no way to generate a backup code. 

 

Twitter only allows a single, single-use code, which makes it truly last-ditch, but at least it's available. I maintain some DropBox and Google backup codes in secure locations, which I can access through multiple methods (ie paper on a safe, telephone call to trusted party, encrypted online storage, etc). I also have a physical TOTP device for one of my VPN accounts which I keep sealed in a waterproof pouch when I'm on a journey.

 

How can PayPal not provide such a standard feature, and even worse how can they believe a telephone call is the answer if I'm traveling outside the country and making voice calls is difficult or impossible?

Login to Me Too

DamianHess
New Community Member

Backup codes are absolutely vital for every TFA method that uses a losable/breakable authenticator such as a phone app.

Every other 2FA system I've ever used offers this. PayPal, please get on the ball.

Login to Me Too

paulgault
New Community Member

No backup codes? WTF!

Login to Me Too

TobyGr
New Community Member

How is this not supported!?  Every other site that implement 2fa through an authenticator app provide these codes to protect against losing the device setup to authenticate with.  How are PayPal… a financial organisation…  so behind with security.

 

It's taken years for you to introduce 2fa that's not the insecure SMS confirmation codes, and when you do, the implementation is half baked!  You really must provide backup codes, otherwise your offering is still as insecure as just using SMS codes, since we still have to have the SMS setup in case we lose our authenticator device… or worse still, you support disabling the need for the authentication on login by contacting you support team without any better way of confirming my identity!?

 

I'm seriously considering closing my account because of the lack of industry standard level of security offered!

Login to Me Too

robdee
New Community Member

I agree. Bizarre and worrying that PayPal doesn't use backup codes and just requires one to call tech support to regain access. 

Login to Me Too

CaptainVideo86
New Community Member

I agree with this thread. The lack of backup codes makes enabling 2FA useless

Login to Me Too

landdon
Member
Member

I set up my 2fa and was like **bleep** do I find the backup codes?  I'm looking all over the place for these things, and I'm glad I'm not the only one who is more than concerned that this doesn't exist.  If this isn't going to be implemented I'm going to be disabling 2fa as it's completely useless.  You realize that don't you paypal?  Many have already shared with you why they are so important to have yet you aren't implementing them.  When you do, I'll add it back.  

Login to Me Too

jamesrender50
Member
Member

Just to add my voice to this discussion.  I will not use paypal's 2FA until such time as they add recovery codes.

I see in the EU they are now sending out SMS verification codes for logging in.  Sigh, it's 2021 and simswap hacks have been around for years.

Going to search for alternatives to paypal that might value security more highly.

Login to Me Too

HazyJ28
New Community Member

I'm still here hoping they will! Please Paypal! My phone is finicky and could be one 5' drop away from bye-bye.

Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.