Why on earth would PayPal still be using SMS authentication as a second factor? It was deprecated as an acceptable security standard in July of 2016 by NIST. Reddit was recently compromised due to its reliance on SMS as a second factor on their internal servers and lost password databases and source code to hackers. Our PayPal accounts hold vast amounts of purchasing power, but we rely on a second factor authentication that hasn't been considered secure for more than two years by one of the slowest-moving government organizations in existence!
We have to demand better as a community. There is too much at stake.
Sources:
https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to
https://www.theregister.co.uk/2016/07/24/nist_says_sms_no_good_for_authentication
https://www.theregister.co.uk/2016/12/06/2fa_missed_warning/
https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin
... View more