I’ve been using two-factor authentication on my PayPal and eBay accounts for almost six years. Time flies when you’re typing in your username and passwords as well as a random numeric string generated by an external device.
Two-factor authentication relies on what you know and what you have. In most cases, you know your username and password, and you have the external device. If one part gets compromised, you’re still okay. This is better than having just a username and password that could be guessed, computed, or stolen. It’s also better than just relying on a physical device — think of someone getting your car key. Put ‘em both together, and the security system is stronger.
PayPal recently launched their PayPal Here service that allows you to swipe credit cards. It’s a lot like Square. I have a really long history with PayPal, and was hoping to use PayPal Here to accept plastic for the various side-businesses we run.
I called PayPal support. The lady at customer service knew what I was talking about right away. She said that because PayPal Here may be used by multiple users, the product was not designed to be used in conjunction with two-factor authentication. She explained that requiring someone to have a security key on them all the time would make it hard for multiple people to use the same account.
I think this is a fair point. However, it would have been better if the service asked the user how they intended to use PayPal Here.
If the user was going to be the only one using PayPal Here, the two-factor authentication option should be allowed. If many people were going to use the account, then two-factor authentication would have to be off.
The other problem with the app’s user experience is that I was never told why I couldn’t log in. I got the same error message if I improperly entered my username and password. The only reason I thought to call support was because the very earliest days of PayPal’s two-factor authentication had a workaround wherein you could type in your security code after your password. I wonder how many people locked their accounts out by repeatedly bumping against the login problem in the app.
I couldn’t find any information about 2FA on the PayPal Here Web site, either.
If you use PayPal’s two-factor authentication and you can’t sign in, maybe this post will explain why better than PayPal’s documentation.
I’m going to pick up a Square unit tomorrow. I’d have much rather kept all of my money in the PayPal ecosystem, since I use PayPal to pay for some stuff.