The "Log in fast with a one-time code" is not just a potential security threat, it's a bonafide absolute 100% security threat because my computer got hacked and someone was able to remotely log in to my desktop computer, gaining control of my desktop. Did they get into my BofA account through my browser? Nope, they needed a password. My Chase account? Nope, they didn't have a password for that either. Venmo? Uh-uh, no password. My PayPal account? Yep!!! Two clicks! First click, "Log in fast with a one-time code", and a code gets sent to my Messages desktop app, second click, autofill code, and they're logged into PayPal and draining my funds. I was able to catch them in the middle of the heist and cut them off, but they were still able to drain some of my funds. This 'Log in fast with a one-time code" is not two-factor authentication, it's not even one-factor authentication. It's zero-factor authentication. on a desktop browser on the Mac, with the Messages app linked to your phone Messages app, it takes two clicks (<click>send code-<click>autofill code) to log in to PayPal. No password is necessary, and no authentication is necessary. So anyone with access to your desktop, either at the chair or remotely logged in, has instant access to your PayPal account. (And before someone starts criticizing my lack of desktop security having my Messages apps linked. As I mentioned above, they didn't get into any other banking accounts, just PayPal. Yes, I need to find out how they got in, tighten security, and close that hole, but only one banking platform was effortlessly compromised.) But, "Hey some people might like this convenience!", fine, keep it as an option. But there are a lot of people who don't want it and there's no option to disable it. I don't even know where this "Log in fast with a one-time code" came from. I didn't ask for it or enable it. But the first thing I did after locking down my computer, going through my browser history to see what the culprit did, and changing passwords was to go look for the PayPal setting to disable this "feature". Guess what. There is no way to disable it, so there it sits, an extremely major security flaw front and center on a banking platform's login page. They might as well change "Log in fast with a one-time code", to "Click this button to steal this person's money." This bulletin board is more secure. I have to prove "I'm not a robot" just to post this message.
... View more