PayPal Community

No, there isn't, and most likely there will never be a fix as Connor is either ignoring this thread or has forgotten about it. In any case, PayPal aren't even remotely interested in fixing this problem.   Just today I had to wait 43 minutes for my codes to arrive, by which time I had given up and purchased the item elsewhere.   I've attempted to contact eBay about it in the hope that they will do something about it from their end, but all I received was a pushback to PayPal. When I insisted that this particular problem only occurs on eBay, I got a vague promise that they would escalate it internally, but that they weren't sure whether it would get implemented.   I avoid using eBay and PayPal like the plague because of their stinking attitude towards customers, yet feeling justified in charges pretty hefty fees for using their services.   If only eBay allowed alternative payment methods… If only there was a viable alternative to eBay…   And apparently they're OK with people posting negative feedback like this; it doesn't prompt them into action. ... View more

Well, Conor,  as requested, I did let you know how I got on, but, as expected, I did not hear back from you. No attempt to assist me further, and no reaction to the additional issues I mentioned.   It's now seven-and-a-half months later, and guess what, I'm still having the same issue. I just tried to pay for an item on eBay, but only got offered SMS as the 2FA option, despite having a Yubikey VIP. It took 16 minutes for the SMS to arrive, but as the code contained within was only valid for 5 minutes I had to request a second one (which came through instantly).   Why does it take me 16 minutes to pay for a £2.99 item?!   I have extremely poor mobile phone reception where I live, so SMS is the worst possible 2FA option. Please sort this out, and don't make me wait months to get an answer.   Why does PayPal even bother having these forums if they don't read them?   PayPal's support is amongst the worst I've ever come across, and as long as that carries on being the case, I'll keep posting public messages like this. Not that PayPal cares, regardless of cliche marketing speak like "We value your feedback", as no feedback I've ever provided has been valued. If eBay allowed other digital payment providers I'd drop PayPal in a heartbeat. ... View more

  Hi Conor,   Thank you for your reply. It's good to see these forums are still being read by PayPal reps.   The 2FA experience I get on PayPal is one of the worst of all the sites where I have 2FA enabled. Unfortunately, most of them rely on the Google Authenticator method, which is the second most cumbersome 2FA method, after SMS. Just like SMS, it involves far too many steps:   grab my mobile phone unlock it open the Authenticator app enter PIN to unlock the app (I use Authenticator Plus instead of Google Authenticator) find the security code in the ever growing list of accounts remember the code go back to the browser and enter the code But, unlike SMS, at least it doesn't rely on having active mobile reception. It is still subject to having sufficient battery, however.   Even though it involves just as many steps as codes via SMS, and is just as cumbersome, I'd rather that PayPal supported Google Authenticator than SMS codes because at least it works.   Last night I had to wait 43 minutes (!!) for a code to arrive via SMS, and by the time it did, my login session had expired and the code was no longer valid. A second attempt resulted in a 30+ minute wait for the code to arrive, with the same problem. The third attempt finally worked, with the code arriving after approx. 5 minutes. That's an hour and twenty minutes wait, just to log into the Android app to see what might be the issue with a payment an eBay seller said he hadn't received. Completely and utterly unacceptable!!   You may wonder why I didn't use a PC instead of the app. Well, as a matter of  fact, I did. But for unknown reasons the website insisted refused to accept codes from my VIP Yubikey, so I (foolishly) requested a code via SMS instead and when that didn't work (it's the one that took 43 minutes to arrive), I tried my Yubikey one more time, which resulted in me getting locked out of my account for over an hour.  Of course, there was nothing wrong with the codes from my Yubikey, as I've successfully used it to log into my account today to respond to your message, as well as to  c h e c k out that particular payment.   Speaking of that payment, why does the Android app only show it as pending, and do I have to log into my account on a PC to find out that the reason it is pending is that the seller hasn't accepted the payment yet? The app is supposed to make things easier, not double the amount of work I have to do!   I'm sorry if I sound bitter, but my faith in PayPal is ultra low. For example, I have not been able to use the mobile app since 2010 (!!) when I first contacted PayPal by phone (see the linked thread in my original post). Numerous promises, and 6 years later, I still cannot use the mobile app as it still doesn't work properly with PayPal's own security token (and by extension, the VIP mobile app and Yubikey). While the app now, at least, has supported for 2FA via SMS codes, they clearly do not work (for me), but even if they did, I want support for my VIP Yubikey, which I purchased solely for use with PayPal so as to not be reliant on mobile reception.   Longer term the app needs support for U2F and NFC-enabled keys, such as the Yubikey NEO, so that I don't need to carry a micro USB to USB adapter cable with me. If Lastpass and Github can do it, why can't PayPal?   As for the stored addresses, they can't possibly be cached. Some of these obsolete addresses I have not used since 2008/2009 and my PC has been reinstalled several times in the years since then.   As I've said in my previous message, PayPal's web design is broken on so many fronts. Here's another example: the Android app suggests setting up a PIN to make future logins easier and quicker (and less secure as it sidesteps 2FA), but nowhere in my account (on a PC) can I find a way to set up or change a PIN. In fact, there isn't even a way to change one's password. All the "new, redesigned, improved" profile page gives me is the option to change my name, photo, time zone, address, email address and telephone number. Even clicking the "Classic Site" link at the bottom only gives me an overview of the transactions, albeit in the classic format.    I'm pleased to hear that you will pass on my  f e e d b a c k   to the relevant team(s), but forgive me if I don't hold my breath for any changes. It's a shame that PayPal has such a monopoly on digital payments, for my experiences with the company are so bad that I'd use a competing service if I could, much like eBay.   EDIT: to add to my complaints about the utterly broken web design, why is an entire sentence without any swear words or bad language getting replaced by "**bleep**" because of the word "c h e c k" ?! Even the word "f e e d b a c k" in the last sentence gets replaced by "**bleep**"!! This is just crazy, I can't even leave normal language f e e d b a c k!! It's taken countless edits and over 20 minutes of my time just to edit this text  because of these two common words triggering some f o u l  (<- another one!) language filter!! (I have to add spaces to these words to avoid them getting replaced by **bleep**). Seriously not impressed. ... View more

It turns out that even after unlinking my PayPal and eBay accounts, I still don't get the PayPal login screen I used to get. On this new login screen, there is no option to select a security key instead of receiving a code via SMS. I had to wait 7 minutes for the SMS to arrive. This is simply ridiculous   I bought the Yubikey VIP especially for use with PayPal (there is very little else out there that uses Verisign's VIP 2FA method), so as to not have to deal with cumbersome SMS codes that only work if you have mobile signal (which is very bad where I live, I get just about one bar by the window in the kitchen) but now I'm being forced back to SMS codes! PayPal web design is broken on so many fronts. Why is it that when I log into the PayPal website itself, and get asked straight away for my security key, with an option to "Use my mobile phone instead", but logging in via the eBay checkout only gives me SMS as the only method, with no option to switch to my security key? Why is that when I try to log into the PayPal Community, I enter my name and password, only to get told "For your security, we need you to log in to www.paypal.com first to provide your security key, then come back here to continue."? I then need to open another tab, log into my PayPal account, enter my username and password again, where I get asked for my security key straight away! I then have to back to the tab with the PayPal Community login and go back two pages before I can then finally log into the community! If I have to log into the Community Forum via the main website, why not send me there straightway instead of asking me for my credentials, only to not use them? Why, at the very least, not ask me for my key on the Community Forum login screen? Why is it that shipping addresses I've used in the past, most of them no longer valid, can be select when checking out with PayPal, but there is no way to delete, edit or even just view stored shipping addresses from one's profile?   Why is it that a giant like PayPal just can't seem to sort their website and implement proper support for security keys, when many, infinitely smaller companies can? ... View more

Because, as someone else said above, the pool of affected users is quite small and easy to ignore.   Conor has gone shtum on the issue, after having posted a link to a useless knowledge base article. To dishearten you further, have a read in this thread which has been running since 2011 without resolution.   PayPal, over the years, has changed from a technology company into a full-blown and recognised financial institution, and with that transition comes only taking money from their customers without listening to them.   Sadly, at least on eBay, there is no alternative, and, therefore, no competition to challenge PayPal's monopoly on digital payments.   What (modern) customers need is support for modern technologies such as U2F (with NFC, like the Yubikey NEO) support that would make 2FA login a simple 2–step process.   The vast majority of people, however, have no concept of 2FA or why they need it, and for those people PayPal's login methods just work, meaning that PayPal can continue to ignore users like you and me without losing any money (or sleep) over it. ... View more

Well, almost a year on from my last post and I'm checking io see if there has been any announcement from PayPal to say that the issue has now been addressed.   Surprise, surprise, it has hasn't. Nor has support for the U2F standard been added.   Makes one wonder whether anyone from PayPal even reads these forums, or whether they care at all. Maybe they make enough money without having to improve things, which would explain the broken apps, websites and eBay integration (why can I only use SMS as a second factor, even though I get do asked for my security token when I log into the PayPal website proper?). Now I'm trying to make a payment on eBay and have been waiting over 10 minutes for that accursed SMS to arrive.   It's a shame, and a scandal, that there is no alternative to PayPal, at least not one that eBay does condone, as maybe some competition would force PayPal to get their act together and fix all these broken bits. ... View more

So we're now five years on from when I first contacted PayPal about this issue, and it still hasn't been solved.   Blaming a third part developer is just a feeble excuse. Surely if you can't get your contracted third party to deliver the product you want with the features you need, you give the contract to a developer who can? Lastpass and Yubico can make this work beautifully with the Yubikey Neo, and these companies are inifinitely smaller than a giant like PayPal.   I guess it's the same third part who is responsible for the new website design, as this does not work properly either. I just paid for something via PayPal and wanted it shipped to a different address. The shipping address selector showed me a ton of addresses I've used in the past, most of them no longer valid, but there is no way to delete, edit or even just view stored shipping addresses from one's profile.   PayPal have joined the likes of Apple, Microsoft, Google etc where they no longer need to achieve maximum customer satisfaction in order to survive.   Maybe when some other new startup comes along and challenges PayPal's dominance they will start listening to the very people that justify their existence: the customer.   I'll check on this thread again in another year's time to see if there is a positive post announcing full support for the Yubikey Neo with FIDO U2F (get rid of VIP already!), allowing the security conscious amongst us to pay safely, quickly and conveniently from our mobile devices. In the meantime I'll start looking for said startup or other electronic payment companies that (still) care about their customers' opinions and needs. ... View more

Don't hold your breath. I contacted PayPal way back in 2010 about this, and the app still gleefully promises that support for security keys will be added soon.   Support for the Yubikey Neo would be brillant, but I'd even settle for support for the standard Yubikey via a USB OTG adapter. Anything, as long as I can make payments while out and about!   As you say, if you have a security key enabled on your account (and if you don't, you deserve to get your account hacked), the app is utterly useless, especially considering that even logging with mobile number + PIN (very bad, as it is no more secure than an email address + password combination) does not work if you're desperate enough to make a mobile payment.   Just the other day I had to pay for two auctions that were ending as I was on my way to work. Had PayPal pulled the proverbial finger out, I would have been able to make the payment while on the train, but instead I had to contact the sellers to let them know that I was unable to make the payment until I got home the next day (I work nights). I needed the items urgently but as a result of not being able to pay instantly from the app, I incurred a day's delay. Completely ridiculous and unacceptable in this day and age, where pretty much the only thing your mobile phone doesn't do is make you breakfast in the morning.   PayPal, happy to take your money, but not willing to listen to you… ... View more

I spoke to PayPal about this more than four years ago but clearly they have no interest in solving this issue, even though they provide their own two factor solutions.   While I can log into the mobile site with my phone number + PIN code, this is even less secure than a user name + password, for a password can at least a) contain more than 8 characters, and b) contain a combination of letters, numbers and punctuation marks.   The reason I have enabled two factor authentication on my PayPal account is that if someone manages to break into my account, they have direct access to my money, my bank account(s) and my credit card(s). Mobile devices are inherently insecure, and should therefore have full support for two factor authentication.   With a USB OTG adapter I can use my VIP Yubikey on my mobile phone, and I have successfully logged into other services where I use a combination of user name + password + Yubikey, yet on the PayPal mobile site as well as the Android app, this simply does not work and hasn't done since at least 2010. When I enter just my email address and password, I get an error message that says that the digits from the security key should be appended to the password, but when I do this, I simply get returned to the login screen.   Why does PayPal provide support for two factor authentication, yet it doesn't work on the most vulnerable of devices, and more importantly, why do they refuse to fix it?   Their support is utterly useless too 😞   Epic, epic fail on PayPal's part. ... View more