PayPal Community

bpip · ‎Apr-24-2022

I want to utilize TWO Yubikeys so that I have a backup incase one is lost/stolen/breaks/etc. This is a VERY standard practice when using physical security devices like Yubikeys and as far as I've found, PayPal is the only service I'm using at the moment that hasn't allowed me to pair a a second YubiKey with my login for 2 factor authentication means.

Am I missing something? Is there in fact a way to utilize a second key? I click on "add new device" just like before, but now I'm only presented the option of adding a phone number for SMS verification instead of the ability to pair a second physical security device...

Byteflux · ‎Mar-03-2023

WOW holy crap. I have two yubikeys - one on my pc and one on my keychain for when I'm on the go. I've always added both to everything for convenience and security (In case one gets lost or stolen, I always have the second one to fall back to). I think it's frankly ridiculous, that they allow for a second phone number to be added, but not a second physical security key?

dinth · ‎Mar-04-2023

Not being able to have a backup key is totally nuts.

But that's not everything what is borked with 2FA on Paypal.

When im trying to set up my 2FA and i choose "Physical key" as my primary method, im being greet with a dialog asking me to set up Authenticator app (QR code, etc). Only after setting up Authenticator i can actually add physical key as a backup solution, and then swap them around, so physical key becomes a main solution, and authenticator a backup solution. Still havent found a way to get rid of Authenticator though.

PS. And what's about 20 character MAX length to the password? Seriously, Paypal is one of the most sensitive apps (if not THE most sensitive) i am using and at the same time it has one of the worst security.

And why am i constantly getting text message 2FA (literally like not having a 2FA at all...), even if i have set a physical key and authenticator app as my 2FA?

TheMadPhoenix · ‎Mar-22-2023

This is ridiculous that this is still an issue in 2023. Paypal is one of the most sensitive apps that most of us use and should allow multiple security keys along with getting rid of the other options that are less secure. C'mon Paypal, get with the security program.

AbbaTabba · ‎Apr-28-2023

Was just on with PayPal support and they say they are looking into options. I can't believe they don't have at least 1 extra slot for a backup hardware security key. I have TOTP as a backup, but would still like to have an additional security key. Most places have about 5 entries, but could be coded for any practical number in reality.

aadamowski · ‎May-09-2023

My standard is to set up second factor with 4 different security keys on the same account. 1 primary personal, 1 backup personal, 1 primary from work laptop, 1 backup from secondary work station. A single slot is ridiculous!

sscarter · ‎May-12-2023

I see that this topic has been open for over a year with no resolution. Apparently Paypal does not look at feedback here. I just ran into this when I tried to enable 2FA for a second user on my account. Confirmed with the support team that 2FA can only be used with one user. That means any additional users cannot log in securely. Ridiculous.

niklasvoito · ‎Jun-16-2023

Just here to add: Fix this dump security issue @paypal

lucidnx · ‎Jun-28-2023

Well, I guess it should be added ASAP! I wonder who **bleep** this so badly...

pitos-rio · ‎Aug-27-2023

Still can add only one hardware key. When you will fix that?

ThxAndBye · ‎Sep-02-2023

I, too would like to add my backup key to PayPal as is the reccomendation by Yubico: "We at Yubico always recommend having more than one YubiKey. This way, one key can be used as a primary key, and the other can be used as a spare."

I'm also noticing that PayPal isn't listed in the "Works with YubiKey catalog". How much does @PayPal actually care about account security?

PayPal Community

Why am I only allowed to create one security device for 2 factor authentication?

Haven't Found your Answer?