Posted: Tue 05 Jun 2018, 14:26 Post subject:
PayPal does support VIP hardware tokens! Subject description: even though they make it hard to activate one
Some time ago I bought a box of hardware tokens labeled PayPal and VIP.
I figured this would enable me to add a one-time code from a physically separate device to my PayPal login, making it much harder to hack.
My next problem was that PayPal did not want to admit they still supported this, though I could see videos about people using them. There simply was no way to navigate my account pages using buttons to reach the page needed to activate 2FA with a hardware token. They mainly depended on text SMS messages, which present another problem due to vulnerabilities in SS7.
I haven't found any way to navigate to that page without typing the URL.
For most people the free VIP app on a smart phone will be easier, and that should be more secure than simply sending an SMS text message over SS7. The problem is that programmable devices like phones can be hacked. Hardware tokens designed to resist tampering can't as easily be hacked. With a physically separate hardware token neither your mobile phone nor your computer ever has the seed that generates time-dependent one-time passwords.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum