Why am I only allowed to create one security device for 2 factor authentication?


I want to utilize TWO Yubikeys so that I have a backup incase one is lost/stolen/breaks/etc. This is a VERY standard practice when using physical security devices like Yubikeys and as far as I've found, PayPal is the only service I'm using at the moment that hasn't allowed me to pair a a second YubiKey with my login for 2 factor authentication means. 

Am I missing something? Is there in fact a way to utilize a second key? I click on "add new device" just like before, but now I'm only presented the option of adding a phone number for SMS verification instead of the ability to pair a second physical security device... 

Just adding a comment to also say this is quite ridiculous this has not been implemented. I have a key that is for on the go and a backup key I have at home. I would like to only have to rely on my physical keys but instead of walking across the house every time to grab my car key set, I end up using the authenticator app which I ultimately want to remove as many accounts as possible from that. 

I am even thinking of quitting PayPal. Having no such feature is a no go for such an important app.

Really hope PayPal is reading this post.  Having the ability to associate multiple physical keys for backup is a standard.  Please action this feature request.

Yep, found this thread looking to see if this was a bug or what.


It looks from the UI like this is half implemented: Part of the process asks you to assign a name to the key, as is common practice.  And it appears as if all they would need to do to support two keys (primary and backup, as is industry standard) is simply to not go out of their way to remove the option after you've added a first key.

So basically someone at PayPal literally put in time and effort to break this intentionally.  I can only assume they'd only do something so completely asinine at the misguided behest of some useless executive.  Maybe two keys is "too complicated" for their userbase?  Doesn't matter, it's nothing short of a self-own.

Frankly, I barely ever use PayPal for anything anyway.  It's always been an awful app...it only had a hayday for a while when there wasn't any competition.  Now there's tons and literally every last one of them is wildly better than PayPal that never tried to improve anything and is clear from mis-features like this one, actively works against bettering their own product.  It's bonkers, but it is what it is.

Just adding my +1 for this.  There is an option for authenticator app in addition to key but it's still annoying as I have to remember which yubikey to use (I have two).

One more +1.


Paypal, please be professional about that issue. Giving ability to add only one key is simply not acceptable from security POV.

I give you good example: Apple requires (mandatory!!!) at least 2 keys for iCloud 2FA - exactly because having one is not secure, it can be lost.



You are not amateurs, are you?

Seriously, this is still a thing?

PayPal was one of the obvious first accounts I wanted to secure with my Yubikey(s), but come to find out they STILL don't allow a backup key?


What is the point in even having support for hardware keys if you then force the use of SMS as the backup?

I cannot believe it's 2023 and this has still not been addressed !!! Allowing only the use of a single hardware token makes no sense at all. I also don't get why I cannot register multiple authenticator apps ... please, please, please...fix this.

Is it still an issue? Really?
We're in 2023, PayPal. 

Absolutely ridiculous.  Everything on the planet including Yubikey says ALWAYS have a backup key.  Get it together PayPal, this is too stupid to put into  words in 2023. Please fix it. NOW!

