How to Enable 2FA on PayPal
PayPal handles real money — your bank account, credit cards, and balance. Enabling 2FA with an authenticator app is one of the highest-impact security changes you can make. SMS-only 2FA is vulnerable to SIM swap attacks; an authenticator app is not.
Quick path: Settings → Security → 2-step verification
Step-by-step: 2FA setup on PayPal
1. Go to PayPal Security settings
   Log in at https://www.paypal.com, click the gear icon at the top, then choose 'Security' from the left menu.
2. Open 2-step verification
   Find '2-step verification' in the security options and click 'Set up'. Choose 'Use an authenticator app'.
3. Scan the QR code with 2FAA
   PayPal shows a QR code and a manual setup key. Open 2FAA, scan the code (or paste the key).
4. Verify the connection
   Enter the 6-digit code from 2FAA back into PayPal and click 'Confirm'. The authenticator is now linked.
5. Set a backup method
   PayPal asks you to set a backup (usually SMS or backup codes). Save the backup codes somewhere offline — without them, losing your authenticator locks you out of your money.
Generate PayPal 2FA codes with 2FAA
You don't need a separate authenticator app. 2FAA is a free, browser-based TOTP generator — your secret never leaves your device, and it works offline as a PWA. The same secret can be used in parallel with Google Authenticator or Authy if you prefer redundancy.
Frequently asked questions
Is authenticator-app 2FA on PayPal safer than SMS?
Yes, much safer. SMS codes can be intercepted via SIM-swap or SS7 attacks. Authenticator app codes are generated on your device and are never sent over the phone network, so there is no message in transit to intercept.
Does PayPal charge for 2FA?
No. 2-step verification is free on all PayPal accounts (personal and business).
I'm getting 'invalid security code' on PayPal even with the right code — why?
TOTP codes are time-based. If your device clock is off by more than ~30 seconds, codes will be rejected. Make sure 'Set time automatically' is on for both the device running 2FAA and your computer.
How do I move PayPal 2FA to a new phone?
If you use 2FAA, just import your secrets file on the new device — same codes will work. Otherwise, disable 2FA on PayPal first, then re-enable it on the new device.
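Why clock drift produces 'invalid security code', shown as an added example (not code from PayPal or 2FAA): a standard RFC 6238 TOTP generator and a verifier that tolerates one 30-second step either side. The setup key is the RFC 6238 test secret, and the one-step tolerance is an assumption about a typical verifier, not PayPal's documented behaviour.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 test secret, formatted the way a manual
# setup key is often displayed (lower case, groups of four, no padding).
_raw = base64.b32encode(b"12345678901234567890").decode()
SETUP_KEY = " ".join(_raw[i:i + 4] for i in range(0, len(_raw), 4)).lower()

def decode_setup_key(key: str) -> bytes:
    """Normalise a typed base32 setup key and decode it to the raw secret."""
    cleaned = key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped base32 padding
    return base64.b32decode(cleaned)

def totp(key: str, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the 30-second window containing `at`."""
    counter = int(at) // step
    mac = hmac.new(decode_setup_key(key), struct.pack(">Q", counter),
                   hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(key: str, code: str, now: float, window: int = 1,
           step: int = 30) -> bool:
    """Accept a code from the current step or `window` steps either side.

    window=1 is an assumed, typical server tolerance.
    """
    for k in range(-window, window + 1):
        t = now + k * step
        if t >= 0 and hmac.compare_digest(totp(key, t, step), code):
            return True
    return False

if __name__ == "__main__":
    device_time = 59                      # device clock, seconds since epoch
    code = totp(SETUP_KEY, device_time)   # what the authenticator displays
    for skew in (0, 30, 90):              # server clock ahead of the device
        ok = verify(SETUP_KEY, code, now=device_time + skew)
        print(f"skew {skew:>3}s  code {code}  accepted={ok}")
```

The code itself is correct in every case; only the verifier's view of the current time decides whether it is accepted, which is why fixing the clock resolves the error without re-enrolling.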