nDash.com is a content creation platform that provides brands and agencies with access to the world's top freelance writers.

Idea from Andrew Sanders


In IAM Fail, PayPal Let Attacker Bypass 2FA


Two-factor authentication is supposed to be the cornerstone of a good IAM strategy, but companies keep screwing it up. Text-message-based 2FA is already considered insecure, for example. Now, a security researcher has discovered another failure in the way that 2FA was implemented at PayPal. This article will run down the specific failure, and what other companies should take away from this.


Andrew Sanders


  • two-factor authentication
  • 2FA
  • IAM
  • Links

  • https://nakedsecurity.sophos.com/2016/10/28/paypal-2fa-bypass-how-did-that-get-past-testing/
  • https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/