PayPal Community

Drizzt321 · ‎Jan-24-2019

Why does PayPal only offer SMS based 2FA OTP? There are KNOWN problems with people who have their SMS hijacked so an attacker gets their SMS messages so that the SMS OTP is compromised, and thus an attacker can still login to their PayPal account.

Supporting proper OTP using a program such as Google's Authenticator app, or similar, would be MUCH more secure.

Nico_R · ‎Mar-21-2019

I am totally joining the question here!

Coming from PayPal it is absolutely inacceptable to not offer a proper 2FA through apps like Google Authenticator, Authy or another one. I mean as a basic user you usually have either a Credit Card attached or some credits lying on your PayPal account and it is a serious major security risk to only rely on SMS 2FA which is hackable like 1, 2, 3...

I mean it should not be complicated for Paypal to implement a proper 2FA with an app... It took me less than a day to figure out and implement it on a friend's web-site who is selling kitchen equipment...

Paypal is proposing an obscure solution through BrainTree, but after spending 3 hours banging my Brain around it I still don't understand how to get the Braintree 2FA for my basic user Paypal account. From what I understand it's only reserved for PayPal Buisness accounts which is totally understandable but also absolutely unacceptable in the fact that it is not provided at all, easily or by default to a standard user who is using PayPal to pay for stuff online like me. I mean isn't it the whole purpose of this Service ?

So since my old paypal account was hacked (immensely luckily a week after my credit expired) I basically created a new one that I use ONLY if I have NO other choice for paying online. I mean I now prefer to wait a week for a bank money transfer to the e-shop I am buying from or use any alternative payment methods rather than using PayPal. And when I have no other choice (because unfortunately some e-shops don't have any other options) I basically make my payment through Paypal and delete my credit card from pay pal right after every single time.

Even if my account hack happened already some time ago I am writing all this post because my friend's account (SMS 2FA protected) got hacked not so long time ago without his phone being stolen and unfortunately for him his credit card was still valid resulting in over a 1'000 (USD equivalent) spent on a Presidential Suite in a hotel in Morocco and a luxury car rental for 650 (USD equivalent) in India...

It's a pity... Paypal I a good solution for paying stuff with moderate anonymity but I will avoid it as much as possible as long as they don't implement a proper 2FA and I strongly encourage everyone to do the same.

zz5g72 · ‎Jul-17-2019

It does ! I set it up several weeks ago. I use the MS Authenticator.

Drizzt321 · ‎Jul-17-2019

Well that's new! Wish they had made a bigger deal out of it so I could have updated/added that before.

sunnydayheroph · ‎Jul-21-2019

I'm using the web version of paypal. where can i activate the ms/google authentication? I can't find it in any settings.

ricktendo · ‎Feb-20-2020

I can confirm 2FA setting does not exist in my PayPal Business account, I don't know if this is due to a redesign but its not there.

I am attempting to disable this temporarily while I switch phones, but I am stuck because I cannot find the 2FA settings in my account.

PayPal please fix this PRONTO, or provide us a link to the missing 2FA settings page.

ricktendo · ‎Feb-20-2020

OK so I managed to find the URL for 2FA by login into a personal account, this link also works for business.

https://www.paypal.com/myaccount/security/twofactor/authentication

PayPal Community

Why doesn't PayPal offer proper 2 factor authentication?

Haven't Found your Answer?