PayPal Community

bpip · ‎Apr-24-2022

I want to utilize TWO Yubikeys so that I have a backup incase one is lost/stolen/breaks/etc. This is a VERY standard practice when using physical security devices like Yubikeys and as far as I've found, PayPal is the only service I'm using at the moment that hasn't allowed me to pair a a second YubiKey with my login for 2 factor authentication means.

Am I missing something? Is there in fact a way to utilize a second key? I click on "add new device" just like before, but now I'm only presented the option of adding a phone number for SMS verification instead of the ability to pair a second physical security device...

MattTheTechLV · ‎Nov-28-2023

Come On Paypal, Fix this! We should be able to add AT LEAST TWO FIDO2 Keys to our account, realistically you shouldn't limit the number of Hardware Security Keys at All, but allowing us at least One Backup is the Secure way to implement this. Come on Paypal...

GregSteuck · ‎Dec-03-2023

Like the rest of the commenters I'm puzzled by this choice to implement support for only one security key. I don't know of a single other place which imposes this kind of restriction. It is really quite inconvenient because I have multiple security keys, not to mention the fact the phones contain similar security elements.

The first security key took 10 years to implement since they became supported by Google. Would it be reasonable to assume that it will take 10 more years to get the second one?

untwistedapple · ‎Jan-11-2024

I don't understand why PayPal is restricting this. As well as using a key in their app. When I use the browser of my phone, PayPal accepts the key! What the hell?

LDWilliams · ‎Jan-11-2024

It seems stupid to me that PayPal harp on about security and then HINDER us from doing exactly That!

mrmizer · ‎Feb-08-2024

Well it's 2024 and they still haven't fixed this issue. Obviously they DON'T CARE!!!!!! Like it has been said, this is too stupid to put into words.

Yubico should drop Paypal from their support list for violating one of their primary rules - have two keys.

atketki3 · ‎Feb-17-2024

I know

et42 · ‎Mar-10-2024

In the past I used Paypal very frequently particularly in places where I wanted to have the highest possible level of security. To me it looks like Paypal completely messed up implementing the new security standards (FIDO2, Webauthn) and also providing a very unconvenient functionality in their app (having to provide a TOTP even after having authenticated via biometrics is just completely stupid!). And Paypal was among the initiators of the FIDO2 standard! I cannot understand their behavior. The only explanation I have is that they actually don't care for their user's security.

If a service does not meet your expectations anymore, you find a better one, correct? Thus, I plan to move away from Paypal wherever possible as I don't trust them anymore. What alternative services are you using to replace Paypal?

joravasal · ‎Apr-06-2024

What a bad look for paypal...
A payment service that won't fix issues with security...
2 years after the post and still no official answer or intention to fix this.

Nice......

lulu158 · ‎May-15-2024

Still waiting for this feature too.

matthewqc · ‎May-27-2024

Add me to the list of confused users. As others have noted, having only one security key is as good as having no security keys at all if you have to do an account recovery. At least explain to us why there's some engineering limitation that prevents a second key.

PayPal Community

Why am I only allowed to create one security device for 2 factor authentication?

Haven't Found your Answer?