As we head towards the end of 2019, I am still logging into my PayPal account and am still wondering when the antiquated SMS one time password (SMS OTP) that gets sent to me to make me feel secure will be replaced with a better alternative.
SMS OTP has been viewed as unsafe across all industries and has been widely published in the press. One only need to search for "Why is SMS OTP unsafe" in Google. Examples.
1. TheVerge on Bitcoin account hack
2. Banking and Finance sector moving away from SMS OTP
3. Howtogeek on examples of SMS OTP interception
4. Security community agreement that SMS OTP should not be used
These articles date back to 2016-2017.
There are many more secured options instead of using SMS to send a one time password. Kaspersky highlights a few. They even include a technology that has been around almost as long as the articles above. i.e. Google Authenticator.
Has anyone got any news as to what PayPal is planning around this space to address this security risk? Is anyone from PayPal going to comment or do we just give up and go to another payment service?
