
PayPal and Two-Factor Authentication: A "Weakest Link" Case in Point - danielrm26
http://danielmiessler.com/blog/paypal-and-two-factor-authentication-a-weakest-link-case-in-point
======
dcurtis
... and no matter what you do, your username + password will always work using
the PayPal API without the second factor auth. This is true also of E*TRADE
and Bank of America.

~~~
danielrm26
Man, that's weak. I'm all for single-factor, if that's all that's available,
but don't sell two-factor and implement it so it's an illusion.

------
jamesshamenski
The primary problem is that everyone is stuck on this Username+Password
mentality. This is an ancient model that needs a rethink.

I'm working on a solution to replace web site logins. Please ping me if you're
interested or have some expertise in this area. Shamenski of Gmail.

------
lotharbot
I get a 404. Try [http://danielmiessler.com/blog/verisign-vip-a-weakest-
link-c...](http://danielmiessler.com/blog/verisign-vip-a-weakest-link-case-in-
point)

