I tried to add a new virtual security key, provided by Symantec’s “VIP Access” smartphone app, to my PayPal account. However, it didn’t work as it used to work, by visiting this link. I only got an error message saying:
“We’re sorry. There’s been an intermittent communication problem. Please try again later.”
To me that sounds like PayPal’s portal needs to communicate with Symantec’s back-end for VIP Access, and there is something wrong.
So I wrote a message to PayPal support, and this is what I got:
“Since last year you only can use a mobilephone number for security keys. Old Keys produced by the VIP Access App still can be used but no new one can be registered. Sadly I have no timeframe how long you can use the registered app keys before they were invalid too.”
It is really very disappointing that they migrate away from this very secure and privacy-concious solution to an inferior one, because it is
- privacy-intrusive (they require your mobile phone number to send you the one-time code) and
- definitely less secure (mobile-phone based one-time codes have been demonstrated to be easily interceptable for skilled hackers!)
If you oppose this change, please approach PayPal and voice your concerns.