PayPal adds authenticator app as 2-step verification option - gHacks Tech News

PayPal adds authenticator app as 2-step verification option

PayPal; love it, or hate it. I had my troubles with the service in the past but have to acknowledge that it is one of the most popular online payment options thanks to its wide distribution.

PayPal customers who want to add that extra bit of security to their accounts can enable 2-step verification to protect logins against unauthorized access.

PayPal's been offering options to add a second layer of security to accounts since 2008 when it launched the PayPal Security Key feature. Security Key was a physical device that you could use to create a code that you had to enter to sign-in to PayPal accounts.

Options to sign-in using an app were introduced in 2014 with Symantec's VIP Access app that supported PayPal and other sites. Basically, what it did was generate a code that you had to enter.

The only other option that PayPal customers had up until now was to use SMS instead. PayPal would sent a code using SMS and that code had to be entered in a secondary step on the PayPal site to sign-in.

SMS has a few drawbacks: it is not particularly secure, you need a mobile connection, and it happens that messages take their time or vanish in Nirvana at times. Authenticator apps run locally on the device which means that code generation is instant and does not require a mobile connection or Internet connection.

You can still use SMS as a backup option on PayPal.

PayPal authenticator app support

paypal authenticator app support

Authenticator applications are apps that run on a mobile device. These applications need to be linked to accounts during setup but work locally from that moment on.

PayPal does not list all supported authenticator applications that the service supports, and the recommendation that it makes to find an authenticator app is quite problematic.

PayPal states:

To download an app, go to your phone's app store, search for "authenticator app" , and download one such as Google Authenticator or Microsoft Authenticator.

The suggestion to search for an application is vague, and it is quite possible that users may encounter less than stellar apps when they run searches. We do know that Google's and Microsoft's solution work but that is about it (Authy works as well).

Setup

paypal 2-step login

Here is how you use an authenticator application to protect PayPal better or switch from SMS:

  1. Sign in to your PayPal account. If you run into issues here, try our PayPal login guide to sort things out.
  2. Select the settings icon in the top right corner on the PayPal website.
  3. Go to Security > 2-step verification.
  4. Turn 2-step login on if it is set to off.
  5. When adding a device, select "Use an authenticator app".
  6. PayPal displays a QR code on the next page. You need to open the authenticator app that you use on your mobile device and use it to scan the QR code. If you cannot scan the code, type the 16 character code that is displayed underneath it instead.
    1. The authenticator app should pick up the company and your PayPal email address automatically.
  7. Type the six digit authentication code in the field on the PayPal website to verify the link between the authenticator app and your PAyPal account.
  8. You can set the authenticator app as the primary 2-step login method; this makes SMS the backup method.
  9. Select Done to complete the process.

Closing Words

Some users prefer SMS, others authenticator apps and PayPal supports both now. If you have not already, I suggest you enable 2-step login on PayPal to better secure the account.

Now You: Do you use PayPal or other payment services regularly or occasionally?

Summary
PayPal adds authenticator app as 2-step verification option
Article Name
PayPal adds authenticator app as 2-step verification option
Description
Find out how to set up an authenticator application for use with PayPal's 2-step login feature and use SMS as a backup.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. John Fenderson said on April 15, 2019 at 6:47 pm
    Reply

    “Do you use PayPal or other payment services regularly or occasionally?”

    I use PayPal regularly. I wish I had another realistic option, as I’m no great fan of PayPal, but it’s the most commonly accepted payment scheme that allows me to avoid giving out my CC number.

  2. DropZz said on April 15, 2019 at 6:51 pm
    Reply

    wow finally….took them only a Eternity. Maybe we see +16 character long passwords before 2030 who knows -.-

    1. AxMi-24 said on April 16, 2019 at 10:40 am
      Reply

      The sad part with paypal and many others is that they still retain fallback to sms or mail which is anything but secure (mail is beter than sms).

      What is the point of good locked front door if next to it is a sign “if you forgot your key the backdoor is open”.

      1. Patrice said on April 19, 2019 at 6:53 am
        Reply

        THIS!

        It’s alarming to be presented with a number of menu choices for logging in. Sometimes I wonder why I even bother fussing with an authenticator app.

        It’s becoming an art form, choreographing all of this.

  3. MarkDubya said on April 15, 2019 at 7:06 pm
    Reply

    Finally! I can’t believe it took them this long. Of course it’s still a mess, though. The Android PayPal app asks for an authentication code every time I open the app even though I’ve already confirmed my phone and have it setup to use my fingerprint. Ugh.

  4. NowWhat said on April 15, 2019 at 7:19 pm
    Reply

    I was going to open a Paypal account for selling stuff on Ebay. Now I’m getting a little concerned about what may be wrong with Paypal. Is it safe to use like a Credit Card ?

    1. John Fenderson said on April 15, 2019 at 7:49 pm
      Reply

      @NowWhat:

      I’ve used it as my main online payment method (and to transfer money to individuals) for years and have never had a problem. The problems that I’ve seen with PayPal seems to happen if you’re a vendor, not an ordinary user, but I am not an expert on that.

      1. crambie said on April 15, 2019 at 8:50 pm
        Reply

        I’ve used it for years as a vendor and haven’t really had problems either. You do get customers trying it on and sometimes they get away with it but PayPal doesn’t simply side with them. Whatever service you use you’ll have some unhappy people.

    2. ULBoom said on April 15, 2019 at 11:59 pm
      Reply

      I use it if there’s no other way. I don’t keep a card stored there, just enter it each time, skipping PP and going directly to the card, which easily can be done.
      But I don’t use PP that much, so all that may be impractical for you.
      Many ebay sellers won’t take any other payment method. Never had problems with PP for domestic or international purchases and have had CC’s stored there for years in the past.

  5. NowWhat said on April 15, 2019 at 9:27 pm
    Reply

    Thanks for anwering my question. Glad to hear from people who already had experience with Paypal.

  6. Tom Hawack said on April 15, 2019 at 9:58 pm
    Reply

    No authentication here for accessing my PayPal account but of course a very strong password and a dedicated, reserved email address.

    Speaking of email address and the way transactions are processed from the seller to the buyer via Paypal : I recently purchased a software license and after having provided my name, snail mail address and email, having chosen PatPal, I was surprised to notice that the PayPal login displayed the email address I had given to the software seller, which was not the one I use for PayPal (given as noted above that I have a PayPal only reserved email address). I consider this bothering.

    I’d appreciate that credentials given to a seller be clearly apart from those reserved to PayPal. It is unclear to me if a seller is provided by PayPal my name and address when it appears PayPal is provided the email given to the seller. I may wish for instance to address a purchase to someone else than me, as a gift, and have that person be billed a 0.00 amount accordingly, in which case the name & postal address given to the seller wouldn’t match those of my PayPal account. But in this scenario does the seller receive from PayPal my PayPal name and address?

    I don’t buy much on the Web but when I do it’ll always be via PayPal because sending my bank account references over the seven seas isn’t a perspective I’m fond of.

  7. JW said on April 15, 2019 at 10:29 pm
    Reply

    Paypal needs to leave legacy 2-factor/MFA behind. They need to embrace biometrics with certified liveness detection – now. These leftovers from the last 10-15 years of nearly no real digital security advancements means that now the attack surface has only increased. It’s no longer such a chore to obtain, one way or the other, someone’s typical credentials. And given Paypal’s transaction limits have been increasing significantly, it’s time for them to get more serious about providing stronger authentication that actually ties an account to the legitimate – and alive – user.

    1. Ascrod said on April 16, 2019 at 3:08 pm
      Reply

      Biometric security is a terrible idea. It’s a key you usually leave everywhere you go, and you can’t change it if it ever gets “stolen”. As for “certified liveness detection”, it’s only a matter of time before someone figures out how to spoof that too.

      Non-SMS MFA with an authenticator app and/or USB key are the way to go, for the time being.

    2. John Fenderson said on April 16, 2019 at 4:55 pm
      Reply

      @JW: “They need to embrace biometrics with certified liveness detection – now.”

      No, they don’t. Biometrics are not an acceptable authentication mechanism. Even doing SMS-based 2FA is more secure.

  8. Barry said on April 16, 2019 at 12:26 am
    Reply

    Well this just get’s better. Some people still don’t have smartphones, let alone those mythical feature phones. In Canada, we still require landlines and VOIP for daily lives. Mobile phones can catch malwares and other goodies, if one is not careful. Not many people carry more than one mobile device. Lose it and you’re screwed. Prepaid mobile networks are lousy here in Canada.
    It would be nice if Paypal allows security USB keys to log in as two factor authentication or universal second factor. I prefer to keep my eggs in different baskets.

    1. ShintoPlasm said on April 16, 2019 at 8:12 am
      Reply

      Mobile networks in Canada also seem to cost three times more than anywhere else…

      1. Barry said on April 17, 2019 at 4:40 pm
        Reply

        Indeed they are, the reason why fees of mobile networks cost an arm and network. Shareholders and companies gouge customers.

  9. ScrewThat said on April 16, 2019 at 3:13 am
    Reply

    Using apps on a mobile device for authentication is neither secure nor does it improve privacy. But big business and government love tracking and want you to submit — and there are quite a few morons jumping on that train.

  10. Jojo said on April 16, 2019 at 8:10 am
    Reply

    I still use and like the security key. I wish eBay had not dropped support for the key.

    A major negative with PayPal is that they seem to be giving my PayPal email address to sellers, who then subscribe me to their newsletters or spam emails.

    1. Steven said on April 16, 2019 at 10:29 am
      Reply

      I’ve had the same problem, but as I use a dedicated email exclusively for paypal I don’t worry about the spam mails (which are surprisingly rare, maybe because I use it only on a few sites where I’m a good customer ?)

      1. Jojo said on April 16, 2019 at 9:05 pm
        Reply

        Yes, I use a custom address for PayPal (and every other forum/app/subscription that I have), which is how I know that the subscription is coming from them.

        Sure I can change the address but then I have to jump through the verification’s and changing my records of the current address, which is annoying.

        PayPal should not be giving out user email addresses, anymore than they should not give out credit card numbers!

  11. Radical Dreamer said on April 16, 2019 at 8:58 am
    Reply

    PayPal support two-factor-authentication for years now. Nothing new here except there’s an app now and not just SMS or phone call options.

  12. Steven said on April 16, 2019 at 10:25 am
    Reply

    I’ve been using paypal as a buyer & sometimes for selling things on ebay.
    I use a reserved email, with a password that is mind-boggling & impossible to remember
    (I have my list of passwords without them being connected to an account : ie NOT Paypal : fgsghsdkuhgsuhghfsjhdsfhsl but just the password which I remember goes with which account.
    The 2-step verification via SMS is a good advance in security.
    Whilst some people don’t like paypal, I like it as I can transfer money to my bank account & buy things without giving out my credit card number.

  13. Whatever said on April 16, 2019 at 11:04 am
    Reply

    This comment thread will end on r/Iamverysmart. Tom is a goldmine for OP posts.

  14. Tom said on April 16, 2019 at 11:42 am
    Reply

    Sadly they have added geographical restrictions so if I have a PayPal USA account to make purchases in USA and have them shipped to my relatives, I cannot sign in. PayPal has stolen my money and frozen my account because I don’t login from the USA. They should allow this now that 2-factor authentication is added.

  15. Dandelion Sprout said on April 16, 2019 at 4:35 pm
    Reply

    There exists a workaround at https://medium.com/@dubistkomisch/set-up-2fa-two-factor-authentication-for-paypal-with-google-authenticator-or-other-totp-client-60fee63bfa4f that made PayPal treat regular 2FA apps (like Authy) as if they were an official security key, which was pretty convenient during the years when PayPal did not support other 2FA apps than Symantec’s.

    But nevertheless it’s great news that PayPal now has official native support for regular 2FA apps as well, judging by this article.

  16. Ray said on April 16, 2019 at 8:44 pm
    Reply

    I’ve been using the Symantec vipaccess workaround for 2FA TOTP for a few years now.

    Glad to know that PayPal is finally adding official support for 2FA TOTP now. Better late than never!

  17. Marco Diversi said on April 17, 2019 at 8:34 am
    Reply

    I don’t see this option anywhere in my account!

    Any idea why?

  18. NoraaC said on June 11, 2019 at 9:44 pm
    Reply

    I discovered the authenticator app option while helping someone set up a consumer account but when I went to my account which is a business account the option wasn’t there. So it looks like it’s not supported for business accounts?? Maybe because they support hardware keys for business accounts?? Disappointing in any case.

    1. diego said on July 14, 2019 at 7:06 am
      Reply

      Same problem here

    2. jenny said on July 22, 2019 at 5:23 am
      Reply

      same problem. I have a business account – i cannot find the 2FA setting.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.