I tried to add a new virtual security key, provided by Symantec’s “VIP Access” smartphone app, to my PayPal account. However, it didn’t work as it used to work, by visiting this link. I only got an error message saying:

“We’re sorry. There’s been an intermittent communication problem. Please try again later.”

To me that sounds like PayPal’s portal needs to communicate with Symantec’s back-end for VIP Access, and there is something wrong.

So I wrote a message to PayPal support, and this is what I got:

“Since last year you can only use a mobile phone number for security keys. Old keys produced by the VIP Access app can still be used, but no new one can be registered. Sadly, I have no timeframe for how long you can use the registered app keys before they become invalid too.”

It is really very disappointing that they are migrating away from this very secure and privacy-conscious solution to an inferior one, because it is

  • privacy-intrusive (they require your mobile phone number to send you the one-time code) and
  • definitely less secure (mobile-phone based one-time codes have been demonstrated to be easily interceptable by skilled hackers!)

If you oppose this change, please approach PayPal and voice your concerns.

    1. Thanks for letting me know.

      It’s indeed very interesting to learn that Symantec VIP access, when used with these one-time pins, is basically the same thing as the well-known standard solution we have all been using with Google Authenticator.

      But I think you may not be getting the point.

      My post is about registering new Symantec VIP keys (so it also applies to the alternative client solution you pointed to). And as the alternative client is just another client, the decommissioning of the back-end integration with Symantec’s solution will render all clients useless, regardless of whether they are genuine Symantec VIP or alternative clients. 🙁

