New to the community? Welcome! Please read our Community Rules and Guidelines
Join the live Q&A with our Community moderator team Wednesdays, 1-2pm PT (4-5pm ET) and Fridays, 4-5pm GMT. Learn more in Community Events
I saw several messages asking this same question, but I didn't find any positive answer:
When will it be possible to use
SMS text messages are NOT SECURE!!!! e.g. https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/
(Voice phone calls may be a little bit more secure than SMS text messages, but not much.)
Please, PayPal, support some widely available 2-Factor-Authentication standard - like the TOTP used by Google Authenticator and many similar apps.
If TOTP using applications such as Google Authenticator is available, then ... I have not been able tio find it. Certainly not on my computer account.
Some of your web pages suggest that some non-SMS form of 2FA is available (possibly for business accounts but not consumer accounts?) but https://www.paypal.com/myaccount/settings/securitykeys/add only mentions SMS.
It appears that PayPal's only alternative 2FA to SMS is Symantec VIP Access. Given Symantec's extremely lax security wrt certificates, I for one do not want to trust Symantec in any way.
+1, I am adding my voice to raise this issue. The 2 factor authentication throught a standard TOTP app should be on Paypal's top priority list, especially since its main activity is handling people's money! And please, do not require users to install a proprietary app, we should be able to use any standard TOTP app (I am fan of the "Authenticator Plus" app).
It looks like Paypal is not taking security seriously and is not doing is best to protect our accounts/money as it should be.
Customers have been asking PayPal for Authenticator for years... I stunned this is still an issue with PayPal. Here's a Verge report on how SMS is NOT SECURE. https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin .
Pleease add Authenticator ASAP
Thank you for your feedback.
We appreciate hearing new thoughts and ideas from valued customers. By giving us your feedback, you are helping us to understand what we do well, and what we need to focus on improving. We will be sure to pass this along to make sure that the correct set of eyes takes a look at this.
Ading in my voice for the open, TOTP (time-based, one time password) standard such as Google Authenticator, Authy, LastPass Authenticator, etc. SMS can be intercepted/hacked, and requires sensitive info be sent unencrpyted every time. TOTP sends the key once, then combines it with the time every 30 seconds for a new, endless supply of codes. Get serious about keeping our money safe, Paypal!
This request has been hanging out there for years. I find it baffling that it hasn't been implemented yet. Can you please explain why such an obvious and widely beneficial security enhancement has been ignored for so long?
Agreed. And the present Symantec 2FA sucks. Paypal needs to join the 21st Century and add Google Authenticator to it's 2FA repertoire.
I am up for this too. I dont want to use SMS auth and i really dont want to use VIP Access by symantec. I already have a authenticator app and i choose it myself, not you! What is the problem with adding the widley spread google authenticator that is also compatible with other authenticator apps? I am not going to use the **bleep** symantec app, its crap. Until there is no support for google authenticator i'll have to use a ridicolus long password (36 chars to be clear) to feel safe. I am thinking about closing my debit authorization for paypal and using direct transfer to load up my paypal balance to buy stuff...oh wait why i need paypal then....
We want Google Authenticator support! And we want it yesterday!