Reply to post: Worse for us

Brian Krebs criticises PayPal’s security as authentication flaws exposed


Worse for us

As far as I can figure out, PayPal's 2FA offering for the UK is a code sent by SMS. If you don't have your phone to hand, or can't be arsed to look at it, you can bypass the whole process by answering two security questions. It's always the same two questions. So, one person peering over your shoulder, a keylogger or just someone who's able to do some basic research to find your mum's maiden name and your 2FA becomes sweet FA.



Biting the hand that feeds IT © 1998–2021