How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

Two-factor authentication, or 2FA, is an additional layer of security that decreases the likelihood of an account being hacked. The idea behind it is that logging into a service requires something you know and something you have.

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

Something You Know

Online accounts, typically, only require something you know; a password.

There’s a number of problems with this; it’s often incredibly insecure. The problem is that, as humans, we’re not very good at coming up with unique, random stuff.

Although not all of the world’s 7.13 billion people are on the internet, over half are; that’s 3.188 billion people online. Think you can come up with a unique password …that you’ll remember? Think again.

MD5 Hash

Whilst passwords often undergo a one-way 128-bit cryptographic function, using the MD5 algorithm, to produce a unique sequence of characters of a fixed length called a hash.

The MD5 algorithm has since been found to suffer vulnerabilities.

According to the Password Random website, the most popular password is password. The hash of password is 5f4dcc3b5aa765d61d8327deb882cf99.

If you know the hash value of every word in the dictionary, those words can be given unique hash values. Using a dictionary of hash values of known words it is relatively simple for a hacker to reverse engineer a hash value. That is why it is recommend not to use a single word as a password.

Passwords, Further Reading …and Listening

If you’re interested in password security, Dan Beeston wrote about Understanding Password Security.

I wrote about Picking Passwords: Pitfalls, Practicalities and Protection and Harry Guinness taught you How to Perform a Password Security Audit.

Jordan Merrick and I even had a chat about passwords in our password security podcast.

  • How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account
    Podcast
    Tuts+ Mac Podcast 2: Password Security
    Joel Bankhead

Something You Have

As you can see, passwords alone are not necessarily particularly secure. Authentication relies on something you know. If a hacker knows that something, as well, then they have access to the account.

You’ll recall that I said the idea behind it is that logging into a service requires something you know and something you have.

Whilst a hacker may know a username and password, if the login requires something you have then you are likely to have that something and the hacker is not.

The thing that most people have with them pretty much all the time is a smartphone so it comes as no surprise that it is this that is used for 2FA.

Regardless of whether the second factor is via a numerical code in sent in a SMS text, or whether it is generated by an authentication app—such as Authy, the fact is that the time-sensitive numerical code that you have on the smartphone will be unavailable to someone who is trying to hack an account of yours.

Setting up 2FA on a PayPal Account

Log In to PayPal

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

Open a web browser, such as Safari or Google Chrome, and type paypal.com into the omnibar at the top of the web browser window.

I recommend that you do it this way and do not google for PayPal or click on links that you find in emails or on web pages. I specifically recommend typing the domain name into the omnibar as this was you can be sure (relatively speaking) that you are visiting the genuine PayPal website.

At the top right hand side of the screen click the Log In button.

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

Enter the account username and password and click the Log In button to access the PayPal website account.

Navigating the PayPal Website

Find the Security Key Option

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

In the world of PayPal, the name for 2FA is Security Key. I don’t think it’s a helpful name, but it’s the functionality, and the protection that it affords you, that counts.

From the Summary view of the PayPal account, as shown above, you’ll need to navigate a couple of pages in order to find the Security Key setting.

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

On the top righthand side of the screen, click on the Settings Cog, next to the Log Out button, to display the PayPal account profile information.

On the navigation at the top you’ll see a heading marked Security, as shown in the screenshot above. Click this navigation item.

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

On the Security screen, you’ll see that the fourth option listed is Security Key. To the right, click Update to access the settings for this item.

Activating Security Key

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

By default, you’ll not have a Security Key. Click the Get Security Key link, as shown in the screenshot above.

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

In order to register a mobile telephone number, enter the number in the Enter mobile number: box and the Confirm mobile number: boxes.

Click Register.

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

The Security Key two-factor authentication is now set up for the PayPal account. Using the button at the top righthand side of the screen, click Log Out.

Logging In to PayPal Using 2FA

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

Again, type paypal.com into the browser omnibar, for the reasons I explained earlier.

The mobile phone telephone number, that you registered earlier, will be partially displayed with the last three-digits of the number showing and the rest obfuscated for privacy and security.

Check that the last three-digits of the number are correct for the mobile phone.

If the number is correct, click on the Send Me the Text blue button.

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

After anything from a few seconds to a few minutes, you’ll receive a text from PayPal containing a six-digit authentication number.

This number is time-sensitive and must be used with five-minutes. Beyond this it will time out and you’ll need to request a new Security Key authentication code.

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

Enter the six-digit Security Key authentication code and click Continue to go through to the PayPal account.

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

You’ll now have logged in to the PayPal account with something you know, being the password, and something you have being the mobile phone.

This is two-factor authentication and the PayPal account is now much more secure as a result.

Bonus Tip

How to Set Up Two-Factor Authentication, or 2FA, on a PayPal Account

If you’re anything like me, you like to keep contact information up-to-date. With this tip, you’ll be able to see quickly the sender of a text message being PayPal.

Set up a contact card for PayPal and enter the mobile number as 62226. That’s it. No international dialling code. No dialling code. Just the shortcode number.

Now when you receive an authentication message, instead of saying it has come from 62226, it will say that it has come from PayPal.

Note, this is the shortcode that PayPal uses in the United Kingdom. The number may be different for other regions.

Conclusion

In this tutorial I have explained that two-factor authentication is something you know and something you have. In this example, a password and a time-sensitive code sent to you by SMS.

I have explained that two-factor authentication is more secure than a password alone and I have shown you how to set up two-factor authentication on a PayPal account.

It is particularly important to set up two-factor authentication on important accounts, especially any that involve finances.