top | item 32615713

(no title)

No strong disagreements with the article, however... It's TOTP, not TOPT (a mistake made throughout the article). I am skeptical of the qualifications and much of the basis for complaint.

Using anything based on a phone for sole verification is inexcusable in any situation, but is that really the case with PayPal? I have an account with MFA and... I don't think that's true

discuss

levymetal|3 years ago

OP here - thanks for pointing that out, for some reason when I try to type TOTP my fingers keep defaulting to TOPT - some kind of muscle memory I guess. In any case, this has been corrected, although I'm unsure how a simple spelling mistake discredits the basis for the complaint.

> I have an account with MFA and... I don't think that's true

Try log in using Incognito/private browser. I am either defaulted into the one-time SMS flow, or given the option to log in with a one-time SMS code. In either case, if I enter the SMS code I am not prompted for my password nor TOTP.

bubblethink|3 years ago

>although I'm unsure how a simple spelling mistake discredits the basis for the complaint

Welome to HN, the bikeshedding capital of the world.