PayPal Security—2FA Codes To Be Replaced By Single-Step Login

In a recent development that has left many users wondering if security is being compromised, PayPal announced its plans to replace traditional 2FA codes with a single-step login process using "passkeys." This move aims to enhance security and reduce authentication steps, making it easier for users to sign in and pay with their PayPal accounts.

On February 28th, PayPal sent out an email notification to its users, informing them of the upcoming change. The email stated that the new passkey update would "enhance security" by enabling the use of existing passkeys as a two-factor authentication (2FA) method. This means that users will no longer need to generate or enter 2FA codes to access their accounts.

So, what exactly is a passkey, and how does it work? According to PayPal, passkeys "save a unique code on your device that proves it's really you" and combine it with a second action like using your face or fingerprint to log in. The good news is that the passkey users already have will remain valid, and there's no additional action required to activate it for 2FA use.

The new passkey-based 2FA system promises to make signing in faster by reducing authentication steps. However, some experts are raising concerns about the potential security implications of this change. Jérôme Segura, senior director of research at Malwarebytes, recently identified a new scam targeting PayPal customers with convincing ads and pages.

"We've seen a new campaign using malicious adverts that impersonate PayPal," Segura said. "The phishing campaign employs official-looking Google search ads combined with specially-crafted PayPal pay links." This makes the scheme particularly dangerous on mobile devices, where screen size limitations and lack of security software can make it difficult for users to spot the scams.

Segura warned that this is just one example of how the new passkey-based 2FA system could be exploited by hackers. "Crooks are abusing this feature to create a bogus pay link," he explained. They can customize the page with text designed to trick users, such as promoting a fraudulent phone number as PayPal Assistance.

PayPal has confirmed that it is aware of these concerns and will continue to monitor the situation closely. The enhanced security update should start rolling out soon, and users are advised to keep their accounts secure by using strong passwords and keeping their devices up to date.

Is This Change Secure?

The question on everyone's mind is: will this change actually make PayPal accounts more secure? According to experts, it's too early to say for sure. While the passkey-based 2FA system aims to reduce authentication steps and make signing in faster, it also opens up new possibilities for hackers to exploit.

As Segura noted, "We've seen a new campaign using malicious adverts that impersonate PayPal." This highlights the need for users to be cautious when it comes to their online security. While PayPal's move may seem like a positive step forward, it's essential to remain vigilant and take steps to protect your accounts.

What You Can Do

To stay safe with this new passkey-based 2FA system, here are some tips:

  • Make sure you're using strong passwords for all of your online accounts, including PayPal.
  • Keep your devices up to date with the latest security software and patches.
  • Be cautious when clicking on links or accepting payment requests from unknown sources.
  • Monitor your account activity regularly to catch any suspicious transactions quickly.

By taking these precautions, you can help ensure that the new passkey-based 2FA system enhances security rather than compromising it. Stay informed and stay safe online!