Slightly technical grump about 2FA
paddyrg
Forumite 13.5K Posts
✭✭✭✭✭
2FA, second factor authentication, the PayPal main implementation is a temporary use SMS code to validate that the person logging in at least had access to the account holder's phone. As such, my PayPal password is useless to a hacker without also having my phone to hand in the same few minute window. It's a good system, except...
Their mobile app and web site don't support it properly. A huge percentage of browsing comes from mobile devices these days, especially impulse purchases, other companies with 2FA like Google understand this well, and support it well, but it costs eBay sales. That's y some of our customers unable to pay because the only option is closed to them through lazy implementation. This isn't new, I've complained to them about this for 2 years, nobody cares. They suggested I unsecure my account (cheers! Provide security but then tell me to become vulnerable to fraud because of some stupid non-decision by someone lazy).
Think about it, in an age where I can be in bed trying to buy cress seeds, see a listing on eBay, BIN, how convenient, saves me a 2 minute walk later in the day. I'm security conscious as I hope we all are, and where it's practicable to use a modicum of security, I do (this past year, something like 100 MILLION credit card numbers have been stolen in the USA alone in a string of high profile breaches of big companies who should do better). PayPal have offered 2FA for years, wisely, and fast provides us both with additional security - both them and me. Except by not offering it on mobile devices (roughly half of all online shopping in 2015) they have made my cress purchase impossible. They will not let my powerful top of the line smartphone see the 'desktop' version of the site where I can initiate and enter the 2FA code, they force me to logon to a desktop machine to do so. To do that, I'm no longer in bed but have walked to my workplace and bought my cress seeds on the way! That's a lost sale for somebody - and it isn't the first time. There's zero technical reason why this can't be solved, indeed at its simplest, allow my phone to see the desktop site as it has way better screen resolution anyway, and a more secure internet connection toboot! Or, trivially, support it on the mobile logon interface. And only slightly more work to support it properly on the mobile app.
So, Mrs cress seed seller, sorry you don't have my money, it's all down to the laziness of the only payment processor we're allowed to use not supporting their own systems. Truly dumb.
Their mobile app and web site don't support it properly. A huge percentage of browsing comes from mobile devices these days, especially impulse purchases, other companies with 2FA like Google understand this well, and support it well, but it costs eBay sales. That's y some of our customers unable to pay because the only option is closed to them through lazy implementation. This isn't new, I've complained to them about this for 2 years, nobody cares. They suggested I unsecure my account (cheers! Provide security but then tell me to become vulnerable to fraud because of some stupid non-decision by someone lazy).
Think about it, in an age where I can be in bed trying to buy cress seeds, see a listing on eBay, BIN, how convenient, saves me a 2 minute walk later in the day. I'm security conscious as I hope we all are, and where it's practicable to use a modicum of security, I do (this past year, something like 100 MILLION credit card numbers have been stolen in the USA alone in a string of high profile breaches of big companies who should do better). PayPal have offered 2FA for years, wisely, and fast provides us both with additional security - both them and me. Except by not offering it on mobile devices (roughly half of all online shopping in 2015) they have made my cress purchase impossible. They will not let my powerful top of the line smartphone see the 'desktop' version of the site where I can initiate and enter the 2FA code, they force me to logon to a desktop machine to do so. To do that, I'm no longer in bed but have walked to my workplace and bought my cress seeds on the way! That's a lost sale for somebody - and it isn't the first time. There's zero technical reason why this can't be solved, indeed at its simplest, allow my phone to see the desktop site as it has way better screen resolution anyway, and a more secure internet connection toboot! Or, trivially, support it on the mobile logon interface. And only slightly more work to support it properly on the mobile app.
So, Mrs cress seed seller, sorry you don't have my money, it's all down to the laziness of the only payment processor we're allowed to use not supporting their own systems. Truly dumb.
0
This discussion has been closed.
Latest MSE News and Guides
