2FA - Authy or Google

hidef888
New Community Member

Will paypal ever get away from the terrible SMS 2FA and use something like  Authy or Google Authenticator?

Login to Me Too
21 REPLIES 21

Marc450
Member
Member
2018 and still nothing. I travel a lot, so I now have to pay for roaming charges on my personal phone to receive an SMS. A pretty poor show from Paypal.
Login to Me Too

Aviopene
Member
Member

Opened an account today to pay on a website that doesn't offer plain credit card as payment option. Had to use my secondary email address because the main one has been used to open an unverified account on paypal.de (unverified but with a SEPA bank account attached to it!), they don't respond to my emails and paypal.it staff can't close that account. Now I see that SMS is the default 2FA method for paypal without the possibility to use Google Authenticator. Now tell me what's the value added wrt just using Verified by Visa or Mastercard 3D Secure or similar technologies. I can't see any, but I clearly see the burden of checking yet another account and the risk of money leaking for poor security choices.

 

Dear Paypal, let me tell you just one thing... I feel my money is not secure in your hands and I think I won't let this account open for a long time.

 

Adieu

Avio

Login to Me Too

Russian-Jack
Contributor
Contributor

While nobody likes paying for SMS messages, the thing we need to be more concerned about is the lack of security inherent in SMS authentication. There have been several stories about rogue Stingrays (cellular traffic monitoring) devices in the Washington D.C. area. I suspect the only reason we are hearing about the ones there is that government is more on the alert for them there but I have to wonder whether rogue Stingrays are present in other large cities.

Login to Me Too

raceh2o
New Community Member

This request has been longstanding.  SMS is a terrible MFA (or 2FA) mechanism.  Using old-school RSA tokens or VIP app is also outdated given the vast support for Google and Microsoft Authenticator applications.  For a financial-based service organization, the best security options should be available!

Login to Me Too

PhilGUK
New Community Member

I have just turned off the mobile SMS 2FA because receipt of the messages was so unreliable. I too would prefer to use Google Authenticator. 

Login to Me Too

Rahere
Contributor
Contributor

The implementation fails because the contact point is changeable in-session. It has to be independently established.

Login to Me Too

andcas
New Community Member

Hi,

 

I would like to know if there is a way to use an external app (like authy, where you scan a QR Code) as a Two-Factor Authentication method.

 

Thanks for your time.

 

Best Regards,

Andrea

Login to Me Too

zeldatp151
New Community Member

I agree, SMS based 2FA is not secure, and the Verisign is just garbage. I would much rather use an RSA key for 2FA.

Login to Me Too

speedingcheetah
Contributor
Contributor

I know that PayPal supports Authy and Google Authenticator....my coworker has his account setup using Authy fine, but there is only SMS "Security key option in my account. How do I setup Authy I need a QR code? I have received NO responses from email support and the phone agent had no clue what I was talking about.

Login to Me Too

SunilGupta
Contributor
Contributor

I enabled 2-factor authentication using Google Authenticator. Now I cannot log in - and I do not have access to the phone number registered with PayPal for that account. What can I do to get back into my PayPal account? (This is for another PayPal account, based in the US).

Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.