I'm deeply disturbed with the lack of concern for security and poor security design choices PayPal has. They offer this way to login. SMS should never be offered, and if they insist on making it available, allow it to be turned off. One Time Code to log in should never be offered at all. It defeats the purpose of 2FA entirely. A user cannot disable Mobile PIN or In-Store Pin The user cannot use More than 8 numbers either When a user adds 2FA, it defaults to SMS They offer "automatic login" and keep asking a user to enable it. For me, I tried to revoke trusted devices repeatedly, and got an error
... View more