Edit 04/08/2020 – Not sure when paypal’s 2fa offering updated, but this post is now redundant. All you need do now is login in to your paypal account, settings, security, “Manage 2-factor authentication” and select Authenticator APP.
I just tried using 2fa (Two Factor Authentication) with Paypal, by default I am offered one option and that is to be sent a SMS, or If I dig a bit further a TOTP (Time-based One-time Password algorithm) from Symantec but you either need to sign up to Symantec VIP or after going through some loops; you can use Google Authenticator.
Ok so here’s why you shouldn’t use sms:
So I opted to go through the loops and setup Google Authenticator.
So all seemed good now… Until made a purchase on ebay, to find I wasn’t prompted for my 2fa; apparently because my ebay & paypal account are linked. So if my ebay account is hacked, my 2fa on paypal is worthless. So now I looked at Ebay’s 2fa offering and I am presented with the same options as Paypal (and the same loops for TOTP).
At this point I disabled 2fa on paypal and have gone back to relying on passwords, I am using a password manager with a strong password generator; rather than relying 2fa options available. I recommend Roboform, Lastpass or Keepass.
If unlike me the above doesn’t put you off using Paypal’s 2fa, then feel free to try the following:
SMS – After logging in click the settings cog (top right), then SECURITY, then Security key and follow the on screen instructions.
Google Authenticator – https://medium.com/@dubistkomisch/set-up-2fa-two-factor-authentication-for-paypal-with-google-authenticator-or-other-totp-client-60fee63bfa4f – I suggest using the manual method, but there is an issue with current release of vipaccess; so ignore the first paragraph of manual method and do the following:
sudo apt-get update
sudo apt-get install python qrencode git
git clone https://github.com/cyrozap/python-vipaccess.git
sudo python setup.py install
Then proceed with paragraph 2 of the manual method.
I will end this blog by imploring Paypal & Ebay, to improve there 2fa offerings and reduce the loops to use methods such as Google Authenticator.
P.S Please feel free to comment.