How is this not supported!? Every other site that implement 2fa through an authenticator app provide these codes to protect against losing the device setup to authenticate with. How are PayPal… a financial organisation… so behind with security. It's taken years for you to introduce 2fa that's not the insecure SMS confirmation codes, and when you do, the implementation is half baked! You really must provide backup codes, otherwise your offering is still as insecure as just using SMS codes, since we still have to have the SMS setup in case we lose our authenticator device… or worse still, you support disabling the need for the authentication on login by contacting you support team without any better way of confirming my identity!? I'm seriously considering closing my account because of the lack of industry standard level of security offered!
... View more