There should be a blacklist for websites that don’t allow 2FA or do it through SMS. There’s no excuse for sites such as PayPal not allowing TOTP, only some prehistoric hardware based token generator.

  • 0
    PayPal allows Symmantic VIP access in Software (==TOTP, but with proprietary key exchange) but they hide it very well and the initial registration of the token only works sometimes and only though their ancient /cgi-bin sites (if you find them). Even hardware tokens might worm.
    After that, it works fine.

    Here is the link (you have to be logged in): https://paypal.com/webscr/...
Add Comment