Frequent readers already know I am a big fan of two-factor authentication. I use it on my Google account, my WordPress accounts, Facebook, and now PayPal. To turn on free two-factor authentication at PayPal, first download the VIP Access phone app from Symantec. To find it, simply visit m.verisign.com on your mobile phone.
Install the app, open it up, and you will see a screen with two numbers on it. The first is a twelve-digit alphanumeric Credential ID. This is your serial number and it is unique to this install. If you ever need to reinstall the app, you will be assigned a new Credential ID … and you will need to notify all the merchants where you have activated VIP Access. Ugh. Not too happy with this “feature” but I can live with it.
The second number is a six-digit Security Code that changes every 30 seconds. This is the number that you will now need to login to PayPal (and other VIP Access enabled merchants) in addition to your username and password.
Now it’s time to tell PayPal to add this second layer of protection to your account. Sign in, and then visit this PayPal page to set up your security key. The trick here is that PayPal doesn’t mention the free VIP Access app, so you have to pretend that you have what PayPal calls a “Security Key” which they picture as a fob.
Next you will be asked for your Serial Number. This is the number called Credential ID on your app (the one that doesn’t change every 30 seconds.) And you’ll also need to enter the six-digit Security Code into the field that PayPal calls “6-digit code.” Now wait until that code expires, and enter the very next Security Code into the third box.
Now, just a few more clicks to CONFIRM your changes. Ready to test it out? Logout of PayPal, and give your new security a whirl. For a list of all sites where you can use your new VIP Access app to add two-factor authentication, check this out.
No Whammy says
And what happens if you lose your key?
Paypals 2-factor authentication is a joke. It is 1-factor. All you have to do is say you don’t have your key and it asks you the stupid couple security questions. This is NOT 2-factor authentication.