The issue with passwords is: People save them so logins are quicker. The loss/theft of a phone with a saved password = zero security. Criminals have figured out that this is an easy way to get to peoples funds. As people get lazy, they let down their guard and get ripped off. These are the types that criminals are looking for. It is these people that quickly run to support and start cramming their time by reports that could have easily been avoided.
As the criminals get smarter and more inventive, so must PayPal to protect their customers. With all the software out there like screen share, file share and such on these phones, criminals are getting very inventive with new and improved ways to steal your id/money/information.
None of my financial sites are unprotected. They all use 2Fa's as it is a free insurance against theft protection. When possible, I use 3 forms for every online transaction. Email, SMS and authenticator. The more security you give yourself, the harder it is for you to get robbed. My authenticator is not on my actual phone, as putting an authenticator on the phone that receives the SMS is no security at all. I have seen people put their email client on their phone, save their login information. Then enable 2fa, put that on the same phone as the saved password. And use that very same phone to accept the SMS. Totally pointless.
Please do not make it easy on the criminals, protect yourself to the best of your ability. If you feel the need to blame someone, don't blame PayPal, blame the devious individuals that have forced PayPal into these steps.
PayPal cares about it's bottom line. These criminals chase away their customers by stealing from them. Some choose not to protect themselves. Sooner or later, they are victimized then it eats up valuable support time that could have been avoided. When these forms of theft/scams/exploits become so prevalent on unprotected accounts, PayPal is forced into taking steps, however unpopular they may be.
