Two-factor authentication for PayPal adds an extra layer of security to your login, providing extra protection against hackers and fraudsters. It has been mandatory for payment services since January 1, 2021, because it is one of the most effective security methods.
How to set up two-factor authentication for PayPal
You can activate two-factor authentication (2FA for short) in the security settings of your PayPal account. You have two options for receiving the required security codes. Please note: Two-factor authentication currently only works via a web browser and not yet in the app.
- Open the PayPal website and log in to your PayPal account with your login details.
- Once you have logged in, click on My PayPal in the top right-hand corner and then on the gear icon.
- Then go to the Security section and select Two-step verification.
- You can now choose between two-factor authentication via an authentication app or a security key device.
- For the Use authentication app option, you need an authentication app such as Google Authenticator or Microsoft Authenticator on your smartphone or tablet.
- After selecting the option, a QR code will be displayed on the PayPal page. You must scan this with the authentication app using your device’s camera when adding a new account.
- The Use security key device option provides even better protection against phishing and other fraud attempts, but requires special hardware.
- Please note that you still need to set up authentication via the app when using a key device.
Using PayPal 2FA with Microsoft Authenticator
PayPal’s 2FA protection is quick and easy to set up with an authentication app. In Microsoft Authenticator, follow these steps:
- Open PayPal in your browser and log in.
- Click on My PayPal ☻ Gear icon ☻ Security ☻ Two-step verification ☻ Use authentication app. You will now see a QR code in your browser.
- Open Microsoft Authenticator and tap the plus icon ☻ Personal account ☻ Scan QR code.
- Scan the QR code displayed with your device’s camera.
- Once you have scanned the QR code, you will see a six-digit code in the app, which you must enter in the empty field on the PayPal website.
- You may now be asked to confirm your identity again. To do this, you will receive a numeric code via text message or phone call, which you must enter on the PayPal website. Two-factor authentication is then activated.
2FA for PayPal: You can also use these apps
In addition to widely used apps such as Google Authenticator and Microsoft Authenticator, there are other reliable authentication apps that you can use for two-factor authentication with PayPal. These alternatives often offer additional features such as cloud backup, cross-platform use, or user-friendly operation:
- Authy: A very popular alternative that allows you to securely store your 2FA codes in the cloud and sync them across multiple devices. This is particularly useful if you switch devices frequently or want to secure access.
- Duo Mobile: Widely used in companies, Duo Mobile offers push notifications for quick login in addition to generating one-time codes. The app is robust and secure, and just as suitable for private users.
- LastPass Authenticator: Part of the LastPass password manager, it allows authentication to be integrated directly alongside your password management. Offers backup functions and multifunctional use.
- FreeOTP: An open-source alternative that is particularly popular with users who value data protection and ease of use.
- It is important that all of these apps support the common TOTP (Time-based One-Time Password) standard so that they are compatible with PayPal and many other services.
Weaknesses of two-factor authentication (2FA)
Although two-factor authentication (2FA) significantly increases the security of your PayPal account, it is not completely secure and has some potential weaknesses:
- Phishing attacks with code requests: Attackers may try to trick you into entering your 2FA code directly through fake websites or messages. Even with 2FA, your account can be compromised if you share the code with fraudsters.
- Manipulation of authentication apps: In rare cases, malware on your smartphone may attempt to read or intercept the authentication app or its codes.
- Loss of the second factor: If you lose your smartphone or no longer have access to the app or security key and do not keep backup codes in a safe place, access to your account may be compromised or difficult to restore.
- Social engineering: Criminals may attempt to impersonate you through phone calls or messages and trick you into revealing your 2FA code or changing settings.
