A bigger problem for me is that two-factor authentication for PayPal is available only in few countries (US, UK and Germany I think). I tried to get a token but no chance; not even software with mobile app. When contacting support I was considered as a freak probably - they completely didn't what is the problem without 2FA. I really don't get it, why being global they limit 2FA to a few countries.
Actually I use PayPal more often since they provide 2FA. They are stupid because this could be a win-win for them and tech aware consumers like us. I also wished they used Google Authenticator instead of this SMS... they (SMS) sometimes take ages before delivered.
They also support VeriSign VIP (https://idprotect.verisign.com/mainmenu.v), which you could take mobile app - should be better than waiting for SMS. At least in theory as I cannot validate it, because 2FA is not available in Poland.
Unfortunately, there is no open source implementation of the VIP number generator. On the other hand, Google Authenticator is based on TOTP, and has several open source implementations. I don't want to run a separate, proprietary 2FA app for every single service, when they can all just use the standard set out in IETF rfc6238.
Glad it worked. And this is what I don't get. I understand they may not want to distribute hardware tokens in some countries, support SMS, as it is a burden. But why don't they just allow me to activate an existing token?!
