
PayPal Disables 2-Factor via Twitter DM x/post - reviseddamage
http://imgur.com/a/Tu1AN
======
tedunangst
Wait. I needed them to do something, and they did, and now I'm mad? Ok, I get
they shouldn't have. But right now, over on bizarro HN, there is a thread
about how useless PayPal support is because they _didnt_ do this.

~~~
grhmc
Twitter is not a valid or secure (and not a verifiable) means of determining
the actual customer wants 2fa disabled. This could have come from any twitter
account, and just posting some other email address.

~~~
reviseddamage
True, but if paypal incorporated twitter sign on with keybase (multiple
points) confirmed, it could be a good rationale for accepting it...
marginally. Then again, it still remains, should front support staff really
have the authority to disable security settings for a customer upon requests,
even if the customer requested it through email or dm?

For sure their compliance manager must have given him/her shit, and is
probably revising and retraining on security procedures. Well i hope.

------
thesimon
PayPals 2-factor is terrible to begin with. Only site I need Symantec VIP
Access for, because implementing de facto industry standards is overrated.

(But to be honest, at least they offer 2fa.)

~~~
astrange
I can't use their mobile website anymore, because 2FA just seems to not work
there. It assumes you have a key fob and just doesn't seem to know about
sending SMS codes.

(Other weird thing about Paypal - whenever I purchase through it, it picks a
default shipping address from years ago, that can't be found anywhere on
paypal.com, and ignores me whenever I change it.)

