Backup codes?

iyak
Contributor
Contributor
Posted on
‎May-16-2019 07:11 PM

In 2FA setting, does PayPal provide backup codes, just in case of phone / authenticator loss?

Labels:
Login to Me Too
Login to Reply or Kudo
32 REPLIES 32

haffar0
Contributor
Contributor
‎Sep-16-2022 11:53 PM

It is funny to see social network companies provide stronger security access than financial companies

Login to Me Too
Login to Reply or Kudo

Afura
Member
Member
‎Sep-26-2022 10:01 AM

Amazon has the exact same issue, they also do not provide backup codes for 2fa which is a shame in 2022, I can not understand this. I don't wanna rely on calling you to get my account back if I don't have any access anymore to my 2fa app, someone with a little bit of knowledge in social engineering will easily get the information he needs to pass off as me. 

Login to Me Too
Login to Reply or Kudo

jdrch
Contributor
Contributor
‎Sep-26-2022 10:10 AM

I believe the reason PayPal doesn't provide backup codes is their 2FA implementation allows PayPal to access the account if necessary (presumably in emergency situations). A full hardcore lockout 2FA implementation would risk users (and their beneficiaries, in case of death) losing access to their funds if they lost their 2FA, which I think would be extremely problematic from a UX and perhaps even a regulatory standpoint. From my observation no (US-based) conventional financial provider has absolute 2FA lockout implemented either.

 

Of course, it would be nice for PayPal to state this explicitly, but it is what it is. FWIW the app based TOTP implementation is better than that of most financial institutions who send 2FA codes in the clear over SMS or email.

Login to Me Too
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.