Two Factor Authentication is really important but the current SMS based system PayPal is using is insecure and inconvenient. You should have the option to only require 2FA for log in if it's an unrecognized device; you should not have to enter a code every time you open the app/log in. SMS is not secure and if you're traveling or in a bad cell phone reception area you may not be able to receive an SMS text. The option to use a TOTP app like Authy or Google Authenticator that is more secure and also not dependent on cell phone reception is a must these days. PayPal should also consider support for Yubikey. PayPal's 2FA system is by far the worst system of all my online accounts offering 2FA (banks, social media, etc) so clearly there are ways to improve to a more secure, more user friendly system.
... View more