“As trusted vendors, PayPal and others need to set a higher bar here. Processes to monitor and identify anomalous behavior, like the vast number of login failures from a credential stuffing attack. There are multiple tools and services that can do this now. For PayPal to take multiple days to catch this should not be acceptable. Actively encourage customers to use two-factor authentication, and not just provide it as an option. Actively eliminate passwords from their user-facing systems by fast tracking Fido Passkey adoption.”

The last part is a bit self-serving, as Veridium is a cybersecurity firm focused on passwordless authentication, but it’s still good advice for PayPal.