@AskPayPal Thanks, DM sent
@Scott_Helme @muchilwa @troyhunt @reporturi Maybe revise this recommendation: pic.twitter.com/b4CcsTpSfq
@Scott_Helme @muchilwa @troyhunt @reporturi I wish I knew that…
This π twitter.com/muchilwa/statuβ¦
@troyhunt @grimmware @Scott_Helme @reporturi Well, I am in the single digit population and now I have this anxiety. Where can I get help? π
@crmviking @troyhunt @Scott_Helme @reporturi Do you think average people think that far ahead?
Blaming the user is always easy…
@troyhunt @Scott_Helme @reporturi I think that the main take away is that a small business like @reporturi thought..twitter.com/i/web/status/1β¦lR
@troyhunt @Scott_Helme @reporturi I didn’t ask for it to be that way. But since they didn’t do it properly in the b..twitter.com/i/web/status/1β¦Wp
@Scott_Dayman @Scott_Helme @troyhunt @reporturi @1Password Must have changed now. Back in April I don’t remember having any code…
@m_in_m @GossiTheDog @troyhunt @Scott_Helme @reporturi @LastPass This didn’t work for me. But LastPass fell back to..twitter.com/i/web/status/1β¦lu
@grimmware @troyhunt @Scott_Helme @reporturi I can see the irony π
The risk here is that people will not adopt MFA..twitter.com/i/web/status/1β¦Oi
@living_syn @troyhunt @Scott_Helme @reporturi Also, let’s not forget that not long ago, PayPal offered SMS code onl..twitter.com/i/web/status/1β¦As
@living_syn @troyhunt @Scott_Helme @reporturi Nope, they didn’t. Funny how @reporturi thought about this but @PayPal didn’t.
@troyhunt @Scott_Helme @reporturi That’s not entirely true. The second question is “here’s my username, password *a..twitter.com/i/web/status/1β¦Rr
@RoryGreenfield Well done πͺ
@Scott_Helme @troyhunt @reporturi Successfully recovered my @reporturi account despite no longer having access to m..twitter.com/i/web/status/1β¦tY
@Scott_Helme @troyhunt @reporturi Plus, PayPal doesn’t have a process to cover this edge case. On the phone they as..twitter.com/i/web/status/1β¦rB
@Scott_Helme @troyhunt @reporturi Look, I can live without a PayPal account. That’s not the issue here.
But with a..twitter.com/i/web/status/1β¦JR
@Scott_Helme @troyhunt @reporturi For report-uri you provide a static code that can be used as an alternative to au..twitter.com/i/web/status/1β¦Kt
@Scott_Helme @troyhunt If someone
β
has my password AND
β
can receive SMS for my phone number AND
β
knows my cred..twitter.com/i/web/status/1β¦Lh
@Scott_Helme @troyhunt @reporturi Fair enough. But PayPal doesn’t do that. No other option to get around the authenticator code
@Scott_Helme @troyhunt They ask for additional measures when changing password:
- confirm phone number
- last dig..twitter.com/i/web/status/1β¦qL
Too bad I’m locked out my account because I want to use better security controls… cc @troyhunt @Scott_Helme
It..twitter.com/i/web/status/1β¦Jx
The problem is - this screen does not accept any other method in case you no longer have access to the Authenticato..twitter.com/i/web/status/1β¦0I
So, @AskPayPal - I have the same problem as here: paypal-community.com/t5/My-Account/β¦
I bought a new phone, no longer have acc..twitter.com/i/web/status/1β¦9E