News

Flaw found in PayPal two-step authentication

BY Dan Berthiaume

San Jose, Calif. – Researchers at computer security firm Duo Security have discovered a flaw in the two-step method PayPal uses to authenticate account-holders. The flaw involves a temporary security key PayPal users can generate with a personal device as an additional step along with their password for account log-in.

Working properly, this second step requires a hacker or fraudster to have physical access to a user’s personal device, as well as access to their password. However, Duo researchers discovered that experienced computer programmers could exploit a vulnerability in how the PayPal mobile app communicates with the PayPal server to bypass the security key and gain account access using only a password. The flaw does not apply to desktop logins.

PayPal has issued a temporary patch for the problem and says users should not be at risk since it uses many other fraud prevention and detection methods beyond two-step authentication.

keyboard_arrow_downCOMMENTS

Leave a Reply

No comments found

TRENDING STORIES

Polls

Do you expect your business to be challenged by the ongoing escalation of the the heightened U.S.-China trade dispute?