What is multi-factor authentication and a remembered device?
Multi-factor authentication
Authentication is a way of confirming your identity when you sign in to your PayPal account. Multi-factor authentication (MFA) adds an additional layer to the account login process by requiring users to enter two or more authentication methods (or "factors”) for verification. This extra security helps keep customer information safer and reduces the risk of fraud. Multi-factor authentication means authentication through verification of at least two of the following types of factors:
- Knowledge - something you know, such as a password or a memorized PIN
- Possession - something you have, such as a smartphone
- Inherence - something you are, like a fingerprint or facial recognition
What do I need to do?
While most of the time you'll log in or pay with PayPal by entering your login information as usual, we may sometimes surface additional prompts to confirm your identity.
To further safeguard your account, we highly recommend that you complete these steps to enhance or add factors for authentication:
- Create a passkey to log in the same way you unlock your device with a passkey. These unique digital keys make signing in easier, faster and safer.
- Download the PayPal app. If we need to confirm your identity, opening the PayPal App is another way to provide confirmation.
- Keep your contact information updated. Ensure that your contact information is up to date with your current telephone (mobile and/or landline) number, and email address. If we need to ask you for a one-time passcode (OTP), we can send it by SMS, WhatsApp to your mobile phone number, or via phone call to your landline, or by email, so your payment or login won't be delayed.
Do I need to enter a one-time passcode (OTP) every time I log in or pay?
If you are using a remembered device, most times we'll be able to verify your identity (if it’s one of your usual devices). In this case, you may continue to log in to your PayPal account or pay with PayPal as usual, using your email address and your PayPal password.
Where can I get a one-time passcode OTP (One-Time Passcode)
We'll send you a one-time passcode by SMS, WhatsApp, email, phone call or certain external apps each time we need a stronger verification of your identity. It’s important that you keep your phone details up to date in your PayPal account profile to make sure this can work.
What if I don’t receive a one-time passcode OTP (One-Time Passcode) after I requested one?
If you did not receive a one-time passcode while verifying your identity, there are several steps you can take.
- Check that your cellphone provider can receive SMS OTP.
- Check if the number is blocked on your device.
- Contact Us to opt-back into receiving messages.
- Ensure your device software is up to date.
After requesting an OTP, please wait at least 90 seconds (about 1 and a half minutes) for the code to come through before trying again.
How can I use the PayPal App to confirm my identity?
When asked to confirm your identity, you may choose to "Confirm using PayPal app". Once this option is selected, we will send a push notification on your mobile phone that is typically used to access PayPal. If the notification doesn’t appear by itself, open the PayPal app from your phone and the verification prompt will appear on your mobile app to complete the process.
If that doesn’t work either, click Login using other ways on the web screen and retry or choose another challenge to complete the authentication process.
I've already enabled 2-step verification on my PayPal account. Will I see changes?
You won't see any changes when logging in to your account. However, if you decide to disable 2-step verification, please make sure you:
- Enroll for Passkeys for a faster, safer, and more seamless experience.
- Download the PayPal app so that you can open the PayPal App to confirm your identity.
- Keep your PayPal account updated with your current telephone (mobile and/or landline) number and email address.
What’s a remembered device?
A remembered device is a personal web or mobile browser, or mobile device used to get into your PayPal account that we remember after we successfully confirm your identity. This makes it easier to log in, pay, and take other actions with your PayPal account because the device works as one of the two factors needed for MFA. There might be instances where we still ask you for another verification to ensure your account is secure.
How do I manage my devices?
You can review your devices or remove any you don’t want us to remember on your PayPal account.
How can I remove remembered devices?
You can remove remembered devices in your PayPal account settings:
- Go to your Settings.
- Select the Security tab.
- Select “Manage your logins” and click Manage.
- Remove the device.
Tips:
- We will send you a notification whenever we notice a new login from a device we don’t recognize.
- This feature is not available on the PayPal app.
What if my device shows up again after I’ve removed it?
No worries. If you’ve removed your device from the list of remembered devices, it will no longer be used for MFA. It may remain on the list if you’ve used your PayPal account with this device, but we won’t use the device for MFA and will use other authentication factors.