@jroop wrote: I agree with everyone else here that having backup codes is an important feature of Two Factor Authentication (2FA) that is missing from PayPal. I also see that I can only register a single authenticator app instance for my account. If this were not the case, then a workaround would be to register a second authenticator app instance on a backup device (perhaps even the phone of someone you really trust). Since I can't do that either, however, I am left with the following choice: 1) Add my phone number as a backup authentication method or 2) Don't have any backup and risk getting locked out of my account if anything happens to my phone. I decided to add my phone number as a backup authentication, but I feel that defeats the point of an authenticator app. Authenticator apps are more secure and I don't want it to be possible to use SMS instead of the app.

It's even worse than your two numbered scenarios. Earlier, a PayPal support rep in this topic said they will disable 2FA for you if you call them and report a lost authentication device, so the 2FA is just security theater at PayPal; it's not protecting anything.
@PayPal_JonK wrote: If you were to lose your phone / authenticator, you would need to reach out to our Customer Support to disable that 2FA method. Thanks! - Jon K

This is an awful answer; it's basically PayPal admitting they're vulnerable to Social Engineering attacks. Just provide the recovery codes, it's a standard feature of 2FA.