PayPal not using 2FA and does auth through PP app - a UX problem but also a huge security threat

Hey. I had 2FA set up on PayPal using my YubiKeys for a really long time (even before Authenticator-compatible 2FA was supported by PP).

Unfortunately, a few months ago the behavior of PP changed - I still have 2FA enabled and Authenticator selected for 2FA, but for 90% of the transactions I make, I'm being asked to verify using the PP app INSTEAD of using the Authenticator app.

Not only is it so inconvenient, literally driving me nuts, as the app is not reliable and often I need to repeat the payment a few times, not to mention all those times when I haven't had a phone nearby or needed to look for it around the house, but above everything else - it's jeopardizing the security of my account. There is absolutely no added value in terms of security in having app authentication like that, compared to not having any 2FA protection at all.

Is there a way of disabling the app verification and going back to the proper 2FA through YubiKeys?


Let me apologize here for posting this for a second time, but my original post was moved to a "Phone number changed" thread by the mods and I don't believe this was a correct decision. Firstly - my problem has absolutely nothing to do with changing a phone number or me not being able to sign in. Secondly, the issue I'm trying to flag seriously compromises account security and I believe that I'm not the only person affected by this. Even with 2FA set up and a YubiKey always kept in my pocket, if my phone were stolen or lost, there is not much preventing the thief/finder from using my phone and my PP account, as the PP app will ask to confirm my transaction on the very same phone which is being used to perform a malicious transaction.

