OK, so I have 2FA enabled and I use an SMS to my cellphone, nothing else. On a PC things are nice and simple: Buy item on ebay Check out with paypal Log in to paypal using password See screen saying 2FA now required, click SEND SMS button Type code from sms into screen, hit Go All done Now on my ipad: Buy item on ebay Check out with paypal, get bounced through to paypal mobile site Try to log in with password, receive a message "Add the number off your security key to the end of your password to log in" What number? Maybe the last code you sent me 3 weeks ago? Nope, that expired 2 weeks, 23 hours and 55 mins ago. Try it anyway, paypal helpfully suggests I might have forgotten my password.. I'll wait around a bit, maybe the first login attempt that elicited the "add the number..." message will cause an SMS to be sent to my phone.. Still waiting 30 mins later, so I guess that's a no either Buying an item with the ebay mobile app is plagued by the same troubles - there's no obvious way to log in if you have SMS based 2FA enabled. Impressive security though! Come to think of it, logging into these forums on a PC was hard enough - had to log into paypal.com and go through 2FA first, then retry my login here while my session was still valid. Hit by a flash of imagination, I suddenly considered that this might be what your developers had cooked up as the way to log in on the mobile site (/wapapp) to pay for something, so I tried it: Buy item on ebay Go to checkout, get bounced through to mobile site (/wapapp in the URL) Try log in, get the "add the number off your key to the end of your password.." message Open paypal.com in another tab on the ipad Log in Go through 2FA, get the code, log into paypal.com OK Come back to mobile paypal site to pay for item, try entering my password and adding onto the end of it the code you text me 2 mins ago to log into paypal.com No log in.. Try entering just my password Get the "add the number..." message Go on, tell me.. what's the trick? Any special reason your developers can't just wire it all up into one seamless experience - i try my login, you send me a code and redirect me to a page to enter it, i type it and bingo? Is this just something that's easy for the people who use a dedicated hardware key, some kind of fob that has an ever changing number on it, and the SMS based 2FA users are out of luck? Please note, that i do not use the ebay app, nor the paypal app. I'm purely talking about opening safari browser on the ipad, going to ebay.com, buying, and then trying to make a purchase, all from mobile based websites within safari..
... View more