Every few months we hear about yet another hacking attack on a major website or service. Personal login details are frequently leaked online and tens or even hundreds of millions of accounts can be exposed at a time.
With your username and password available to hackers and thieves in the darker regions of the internet, you could find yourself locked out of the sites and services you use, and accounts that deal with money, such as your bank and PayPal could be emptied.
It is a scary thought.
Online security has become a serious problem for anyone that uses the internet and no doubt you have had to change your password at one or more compromised sites already. You are lucky, or don’t use many websites or services, if you have not yet been to victim of leaked login details.
What can you do to protect yourself? Use 2FA.
What is 2 factor authentication?
2 factor authentication, sometimes abbreviated to just 2FA or even called two-step verification, is a way to make online accounts much more secure than just a username and password.
It uses a trusted device, such as a mobile phone, to check that it really is you that is logging in to a site or service and not someone else, like a hacker or a thief.
When you log in to a site where 2FA has been set up, a text message is sent to a trusted phone or computer. The message contains a code, often six digits, that you must enter into the site in order to complete the login process.
This means that no-one can log into the site or service without your phone. Including you!
The reason why this makes it so secure is that most hackers don’t know you and they do not have access to your phone. They might not even be in the same country.
PayPal lets you add 2FA, which the company calls a security key for some reason. Let’s see how to set it up and use it to protect your PayPal login details.
1 Your PayPal profile
Log in to PayPal on your computer and go to your profile. Select My account settings.
2 Add a security key
Look for Security key in the list of items (it works like two factor authentication) and click Get started.
3 Get a security key
PayPal lists the security keys and there will be none if you have not used this feature before. Click Get security key.
4 Add a phone
Enter the number of your mobile phone. PayPal should detect the country code automatically, but just check it is OK. Click Register.
5 Wait for the code
The code is sent via text message to your mobile phone. You might get it straight away, but it could take a couple of minutes.
6 Check your phone
Watch your phone for the text message and open it when it arrives. Enter the six digit code into the website. The code is valid for just five minutes, so don’t delay.
7 View your security keys
You are returned to the Security Key screen and your trusted device - your mobile phone - is listed. There is no need to activate it because it is already activated. If you ever change your phone and get a new number, the old one can be selected and deactivated here.
If you have another phone or a partner with a phone, you can get another security key. It is useful to register two phones in case one is lost or broken.
8 Log in to Paypal
So what happens when you log in to Paypal? After entering your username and password in the usual way, you will see this.
Click Send Me the Text and a code is sent. Enter it and you are logged in. Anyone that has your username and password will not be able to get past this point because they do not have your phone.
More secure, more irritating
Adding 2FA to an online account makes it more irritating to use because you must first log in, then wait a minute or two for a text to arrive, open the text on your phone, which might be locked, and then type the code into the login page.
Your accounts are more secure, but more irritating to access.
Some sites and services let you specify trusted devices, so if you use the same computer and the same browser that you used before, you are not asked for the 2FA code again.
PayPal requires it every time. Even on the phone that is designated as your trusted device, if you log in with the app. That makes it extra annoying.
Security is a pain and I wish it wasn’t needed, but there are just too many security breaches these days. Also, usernames and passwords are often used in more than one place, so if one site is hacked, the hackers can access all your accounts that use the same login details.
Protect your PayPal account.