UPDATED: August 20, 2022

If you’re using PayPal for your financial transactions, you know how important it is to secure your account. Have you activated its two-factor authentication option?

PayPal's two-factor authentication (2FA) feature makes your transactions more secure, whether you're using the app for personal or business purposes. It also makes it harder for identity thieves to hack into your PayPal account.

It's easy to activate 2FA on both the PayPal website and the mobile app. We break down the process below, which we also double-checked against PayPal's official guide, security forums, and other reliable sources online.

Read until the end or you'll miss a critical discovery we made during our research: how hackers can bypass PayPal's 2FA feature by tricking you into sending your 2FA token to them.

How to turn on 2FA for your PayPal account

Before we get started, there's one thing you need to know: when 2FA is turned on, you'll usually need your phone (or another device) with you every time you sign in to your PayPal account. 

That's because 2FA works by sending you a one-time code (OTC) via text. You need both this code and your password to log in.

If you don't have your phone or security key with you, you won't be able to sign in to your PayPal account. 

So if you're the forgetful type, you might want to consider another 2FA option like an authenticator app.

With that out of the way, here's how to turn on 2FA for your PayPal account:

  1. First, sign in to your PayPal account and look for the Settings icon (it looks like a gear) at the top right. Click on it.
  2. Click Security on the left side of the page.
  3. Under 2-step verification, click Set Up or edit (if you've already set up 2FA).

Now, you can choose how you want to receive your OTC.

PayPal 2FA via SMS code

Enabling this 2FA option on PayPal will require you to enter a unique code along with your regular password every time you log in. 

The code is sent to your phone via text, so you'll need to have your phone with you when logging in.

To turn on 2FA on PayPal via SMS code:

  1. Complete the basic steps until you reach the Setup page.
  2. Select “Text me a code.”
  3. Click “Set Up.”
  4. Click “Next” or go to the drop-down menu to input a new phone number.
  5. Enter the 6-digit code sent to your number.
  6. Click on “Confirm.”
  7. Tap “Done” to finish setup.

PayPal 2FA via an authenticator app

If you prefer not to receive a text every time you log in, you can use an authenticator app like Microsoft Authenticator or Google Authenticator instead. 

These apps generate OTCs that change every 30 seconds or so. So even if hackers were to intercept the code, it would be useless by the time they tried to use it.

To turn on 2FA on PayPal via an authenticator app:

  1. Complete the basic steps until you reach the Setup page.
  2. Look for the “Use an authenticator app” option and click on it.
  3. Click “Set Up.”
  4. You'll need a secret key to set up your authenticator app. It's a 16-character code that looks something like this: 7VHU4SX5DCG6MWF. You can get it by scanning the QR code on the screen or by manually entering it into your app.
  5. Open your authenticator app and add a new account using the secret key.
  6. Enter the 6-digit code displayed in your authenticator app.
  7. Click on “Confirm.”
  8. Tap “Done” to finish setup.
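
Added example (not PayPal's code and not part of the original article): how an authenticator app turns the secret key into the 6-digit code, assuming the standard TOTP algorithm of RFC 6238 with SHA-1, a 30-second step and 6 digits. The sample secret is the RFC's published test key, and the one-step tolerance in `verify` is an assumption about a typical server, not PayPal's documented behaviour.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30     # seconds covered by one code
DIGITS = 6    # length of the code typed at login

# RFC 6238 test key ("12345678901234567890" in base32), not a real account secret.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_b32: str) -> bytes:
    """Decode the base32 secret key that is typed in or carried by the QR code."""
    cleaned = secret_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)   # setup screens usually omit the padding
    return base64.b32decode(cleaned)


def totp(secret_b32: str, unix_time: int) -> str:
    """Code for the 30-second step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(decode_secret(secret_b32), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Server-side check: accept the current step plus/minus drift_steps."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * STEP)
        ok |= hmac.compare_digest(expected, submitted)   # constant-time compare
    return ok


if __name__ == "__main__":
    seen_at = 1111111109                   # last second of one 30-second step
    code = totp(SAMPLE_SECRET, seen_at)
    print("code:", code)
    # Two seconds later the app already shows a different code ...
    print("next code:", totp(SAMPLE_SECRET, seen_at + 2))
    # ... but the old one is still accepted if the server tolerates clock drift.
    print("old code, drift 1:", verify(SAMPLE_SECRET, code, seen_at + 2))
    print("old code, drift 0:", verify(SAMPLE_SECRET, code, seen_at + 2, drift_steps=0))
```

The code depends only on the shared secret and the clock, which is why it works offline, and why a code stays usable for as long as the server's tolerance window allows rather than for an instant.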

How to sign in to PayPal with 2FA enabled

Once you've turned on 2FA for your PayPal account, you'll need to take a few extra steps to log in. Here's how:

  1. Go to the PayPal login page and enter your email address and password like normal.
  2. Click on “Continue.”
  3. You should now see a page that says “Get your one-time code.”
  4. Check your phone for the 6-digit code and enter it. The code is only good for 10 minutes, so if you don't receive it right away, click on “Resend.”
  5. Click on “Continue.” You should now be logged in to your PayPal account.

If you're using an authenticator app, you may not see the “Get your one-time code” page. Instead, you'll be taken straight to the “Enter your code” page. 

Just open your app and enter the 6-digit code when prompted, and you should be able to log in.

The benefits of using PayPal 2FA

Waiting for an extra code every single time you use PayPal may seem like a hassle, but it protects your PayPal account and information in important ways:

PROS

  • Verifies that it's really you logging in. Even if someone knows your PayPal username and password, they won't be able to log in to your account without also having your phone or security key.
  • Alerts you to suspicious activity. If someone tries to log in to your PayPal account from an unrecognized device or location, you'll receive an alert asking if it was really you. This can help you catch hackers early and prevent them from doing any damage.
  • Allows you to use PayPal safely from different devices. There are cases when you need to log in to your PayPal account from a public computer or someone else's phone. If you have 2FA turned on, you can rest assured that your account will still be safe as long as you have your phone or security key with you.

The worst mistake you can make with PayPal 2FA

You still need to be careful even with PayPal's two-step authentication turned on. Identity thieves are already aware of security features like this and have found ways to work around them.

The worst mistake you can make is to click on a phishing link that claims to be from PayPal. These fake links are designed to steal your login information, and they're becoming more and more convincing. 

If you're ever unsure whether a link is real, it's best to type www.paypal.com into your browser and log in from there.

In addition, here's how to tell if a PayPal link is fake:

  1. The link doesn't start with https://www.paypal.com.
  2. The link has extra characters or strange spelling in the domain name (e.g., paypa1.com or paypol.com).
  3. You can hover over the link to see where it's really taking you. If it's not https://www.paypal.com, it's fake.
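
Added example (not from the original article or from PayPal): the rules above as a check that parses the link and compares the host exactly, next to a literal "starts with" test, which two of the constructed sample links pass even though they lead to a different site. The `.example` hosts are constructed placeholders.

```python
from urllib.parse import urlsplit

TRUSTED_HOST = "www.paypal.com"


def prefix_check(url: str) -> bool:
    """Rule 1 read literally: does the text start with the trusted address?"""
    return url.startswith("https://" + TRUSTED_HOST)


def check_link(url: str) -> list:
    """Return the reasons a link is suspicious; an empty list means it passes."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return ["not a parseable URL"]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.username is not None:
        problems.append("text before '@' is login info, not the site name")
    if port not in (None, 443):
        problems.append("unexpected port")
    if host != TRUSTED_HOST:
        problems.append("host is %r, not %r" % (host, TRUSTED_HOST))
    return problems


# Constructed sample links; the .example hosts are placeholders.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://www.paypal.com/signin",
    "https://paypa1.com/signin",
    "https://www.paypal.com.account-check.example/signin",
    "https://www.paypal.com@login.example/signin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "| prefix test:", prefix_check(link), "|", check_link(link) or "ok")
```

The part of the link that decides where you land is the host name between `https://` and the next `/`, read from right to left; anything placed in front of the real domain is decoration.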

If you ever accidentally enter your information into a fake PayPal login page, change your password and contact PayPal right away.

Wrapping It Up

As a PayPal user, you can never be too safe when it comes to protecting your account. Enabling features like two-factor authentication helps keep your money and account safe from hackers, even if they do manage to steal your password.