I concur with the others who contend that it is completely unacceptable for PayPal not to support Authenticator-type app 2FA at this point in time. As others have noted, PayPal's "Security Key" method, which is SMS-based, does not constitute an acceptable 2FA implementation. Again, as others have noted, SMS is not secure and numerous low-tech attacks have been employed in order to intercept SMS messages, which renders SMS a non-option for 2FA. There is absolutely no excuse for a vendor of PayPal's age, size, and stature not to have implemented a proper 2FA solution that utilizes an Authenticator-type app. None. There are coffee shop apps that have 2FA, for goodness's sake! Time to get with the program, PayPal! You are stewards of peoples' hard-earned money! You have direct access to their bank accounts! And to wit, you force binding arbitration on your customers, so they have virtually no recourse if somebody manages to gain unauthorized access to their accounts and steal their money out from under your behind-the-times, unsecure noses. "We might implement it someday" doesn't fly! This should be at the very top of the priorities list! Truly unbelievable and equally disappointing.
... View more