Posted on by Tom

Paypal Two Factor Authentication, I wouldn’t bother… yet

Edit 04/08/2020 – Not sure when paypal’s 2fa offering updated, but this post is now redundant. All you need do now is login in to your paypal account, settings, security, “Manage 2-factor authentication” and select Authenticator APP.

Hi,

I just tried  using 2fa (Two Factor Authentication) with Paypal, by default I am offered one option and that is to be sent a SMS, or If I dig a bit further a TOTP (Time-based One-time Password algorithm) from Symantec but you either need to sign up to Symantec VIP or after going through some loops; you can use Google Authenticator.

Ok so here’s why you shouldn’t use sms:

https://www.howtogeek.com/310418/why-you-shouldnt-use-sms-for-two-factor-authentication/

So I opted to go through the loops and setup Google Authenticator.

So all seemed good now… Until made a purchase on ebay, to find I wasn’t prompted for my 2fa; apparently because my ebay & paypal account are linked. So if my ebay account is hacked, my 2fa on paypal is worthless. So now I looked at Ebay’s 2fa offering and I am presented with the same options as Paypal (and the same loops for TOTP).

At this point I disabled 2fa on paypal and have gone back to relying on passwords, I am using a password manager with a strong password generator; rather than relying 2fa options available. I recommend Roboform, Lastpass or Keepass.

If unlike me the above doesn’t put you off using Paypal’s 2fa, then feel free to try the following:

SMS – After logging in  click the settings cog (top right),  then SECURITY, then Security key and follow the on screen instructions.

Google Authenticator – https://medium.com/@dubistkomisch/set-up-2fa-two-factor-authentication-for-paypal-with-google-authenticator-or-other-totp-client-60fee63bfa4f – I suggest using the manual method,  but there is an  issue with current release of vipaccess; so ignore the first paragraph of manual method and do the following:

sudo apt-get update
sudo apt-get install python qrencode git
git clone https://github.com/cyrozap/python-vipaccess.git
cd python-vipaccess
sudo python setup.py install

Then proceed with paragraph 2 of the manual method.

I will end this blog by imploring Paypal & Ebay, to improve there 2fa offerings and reduce the loops to use methods such as Google Authenticator.

Thanks Toms.

P.S Please feel free to comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.