Hacker News new | past | comments | ask | show | jobs | submit login
PayPal adds insecure SMS based login that circumvents 2FA. Ignores concerns (paypal-community.com)
2 points by beoutdoors on Sept 8, 2022 | hide | past | favorite | 1 comment



PayPal recently added a "Log in with a one-time code" feature that circumvents the username/password and any 2FA on the account. Instead, a 6 digit code is sent via SMS to the primary phone number linked to the email address. Given the prevalence of SIM Hijacking attacks, this seems extremely insecure.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: