SMS is the preferred 2FA, so they'll need a mobile number for that.
Might be that the app requires permissions which access your number for such purposes, to tie it to your 2FA sort-of thing?
_______________________________________________________________________
Originally Posted by Mark Tyson
Well I gave the app a number to set it up, but as the app then worked twice straight, I can't see what more there should be to it after that. It may well be their (PayPal's) preferred 2FA, but hard lines to that - they offer you 3 options, so they can lump it.
Incidentally, on the first app-authed login to PayPal they then offered me the 'trust this device?' tickbox, which was still there unticked the next time, so what is the point of that.
Aliorum vitia turbaverunt me
If you were reluctant to give them your phone number, you could've used an online SMS service. I use this when I don't want to share my phone number.
Last edited by kalniel; 17-04-2024 at 09:25 AM.
I like to be on the safe side and use 2FA as much as possible, but only you can determine what you feel you are willing to do or risk from your own security practices.
For example, if you are someone who uses the same password for more than one site, I would say it would especially be a good idea to have 2FA in case one of those places is breached, as those same breached details are likely to get tried on other sites (especially banking and similar) to see if they can access it and try to drain your funds (possibly succeeding).
Although if you are that type of person, I'd suggest starting to use a password manager anyway so that you can give each site its own unique (and hopefully much more complicated) password (I'd also suggest such a password manager be an offline one such as KeePass/KeePassXC, but there are obviously other choices available and it's your own choice that depends upon your own needs and preferences, including whether you need to have access to the password from more than one device. Although I would still suggest staying away from LastPass based on being breached a number of times in the past).
For 2FA you do of course have the risk of potentially losing access if something happens to your 2FA method (such as if it's on your phone, that phone being stolen or broken and being unrecoverable).
Another thing to consider is the annoyance factor - would you be willing to put up with the extra step you'd have to go through each time (depending upon whether you have told it to trust a device of course)?
And if you do choose to go for 2FA then you also have to decide which 2FA method.
If SMS is still an option for the 2FA, I'd suggest avoiding that as it's much less secure (still better than nothing admittedly, but that's one reason that SIM hijackings are popular).
If you use an Android phone, I'd recommend Aegis.
There is of course the option of using the PayPal app itself on a phone as a 2FA method (just like Steam), but if you don't want to have the PayPal app installed on your phone then you may prefer an alternative.
I can't comment on what the best method may be if you primarily do things via your phone rather than a PC though, as I'd imagine it could be annoying/awkward to (presumably) switch between apps on a phone to get in, and as such again it would be whether you are willing to put up with that.
TL;DR: I think it's better to be on the safe side and do it, but it depends upon your own needs, preferences and risk assessment whether you think it may be worth it. At the very least, you could always set it up and remove it later if you decide it's not worth it.
There's no such thing as 100% secure, but I still think it's better to make it harder for someone else to get in if possible.
Last edited by Output; 17-03-2024 at 10:52 PM. Reason: Slight re-wording.