Wait. I needed them to do something, and they did, and now I'm mad? Ok, I get they shouldn't have. But right now, over on bizarro HN, there is a thread about how useless PayPal support is because they didnt do this.
Twitter is not a valid or secure (and not a verifiable) means of determining the actual customer wants 2fa disabled. This could have come from any twitter account, and just posting some other email address.
True, but if paypal incorporated twitter sign on with keybase (multiple points) confirmed, it could be a good rationale for accepting it... marginally. Then again, it still remains, should front support staff really have the authority to disable security settings for a customer upon requests, even if the customer requested it through email or dm?
For sure their compliance manager must have given him/her shit, and is probably revising and retraining on security procedures. Well i hope.
I can't use their mobile website anymore, because 2FA just seems to not work there. It assumes you have a key fob and just doesn't seem to know about sending SMS codes.
(Other weird thing about Paypal - whenever I purchase through it, it picks a default shipping address from years ago, that can't be found anywhere on paypal.com, and ignores me whenever I change it.)
5 comments
[ 2.7 ms ] story [ 23.4 ms ] threadFor sure their compliance manager must have given him/her shit, and is probably revising and retraining on security procedures. Well i hope.
(But to be honest, at least they offer 2fa.)
(Other weird thing about Paypal - whenever I purchase through it, it picks a default shipping address from years ago, that can't be found anywhere on paypal.com, and ignores me whenever I change it.)