What to know about login security

In today’s digital world, threats like phishing attacks and data breaches have become commonplace, and the need for robust online account protection cannot be overstated. The traditional password-based login method often falls short in protecting online accounts from the sophisticated tactics employed by cybercriminals.

For example, if a username and password are revealed due to a data breach or phishing scam, then attackers can use this information to attempt to gain access to every account that used the same password.

Adopting more secure authentication methods during login can help safeguard against unauthorized account access. These techniques can provide peace of mind by adding a layer of defense against cyberattacks.

Understanding advanced account authentication

While passwords serve as an initial barrier to account access, they often prove inadequate when used on their own due to password re-use, weak passwords, and cyberattacks. As a result, more robust user authentication methods are needed to verify a user’s identity during the login process.

One such method is multi-factor authentication (MFA), which requires users to provide two or more factors, like a username and password plus a one-time password sent via text. MFA enhances security by requiring a combination of elements that the user knows or possesses.

Passkeys offer another secure way to log into many accounts. While not as widely available as MFA yet, this form of advanced authentication is growing rapidly. Passkeys are a user-friendly and more secure method of authentication that can replace passwords altogether for a more seamless login experience.

How does multi-factor authentication work?

Multi-factor authentication (MFA) enhances the security of online accounts by requiring that additional verification factors be provided during login, beyond the standard username and password.

The factors used in MFA typically fall into three categories:

  • Something you know (like a password or security question)
  • Something you have (such as a one-time code sent to a mobile device)
  • Something you are (such as a fingerprint or facial recognition)

By integrating these diverse factors, MFA creates a layered defense that makes unauthorized access to an account more challenging for potential intruders.

Potential benefits of using multi-factor authentication

The enhanced account security that MFA provides is a substantial advantage over traditional password-only logins. Even in instances where a password has been compromised, if MFA is enabled on the account the attackers will not be able to gain access without the second factor required by MFA, which greatly reduces the risk of unauthorized access.

How do passkeys work?

A passkey is a digital credential that, unlike passwords, does not involve memorizing or typing in a string of characters. Instead, it uses cryptographic techniques to validate the login attempt.

When logging in, the user simply uses a device that they have previously registered, such as a smartphone or laptop. The user then verifies their identity the same way they unlock their device – using their face, fingerprint, device passcode, or PIN. The device communicates with the server using public key cryptography, a method where the private key stored on the device confirms the user's identity without transmitting sensitive information.1

Potential benefits of using passkeys

Passkeys provide numerous benefits, including helping enhance security and helping improve user experience. They are also "phishing-resistant" because the authentication process does not involve revealing any secret information that could be intercepted by an unauthorized party.

With passkeys, users don’t need to remember and manage multiple passwords, simplifying the login process.
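
The login flow described above, as an added example that is not PayPal's code or the WebAuthn wire format: a Node.js model in which the device signs a server challenge with its private key and the server verifies it with the stored public key. It goes one step beyond the text by also binding the signature to the site's origin and making each challenge single-use, which is what makes a signature collected on a look-alike site or replayed later useless; all function names and origins are hypothetical.

```javascript
// Added example: simplified passkey-style login, not the WebAuthn wire format.
// All function names and the origin strings used with them are hypothetical.
const nodeCrypto = require('node:crypto');

// Registration: the device creates a key pair; only the public key leaves it.
function registerDevice() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // NIST P-256
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Server: issue a fresh random challenge per login attempt and remember it.
function newChallenge(pending) {
  const challenge = nodeCrypto.randomBytes(32).toString('hex');
  pending.add(challenge);
  return challenge;
}

// Device: after the user unlocks it (face, fingerprint, PIN), sign the challenge
// together with the origin the browser is actually connected to.
function signAssertion(device, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Server: check signature, then origin, then consume the one-time challenge.
function verifyAssertion(serverRecord, pending, expectedOrigin, assertion) {
  const bytes = Buffer.from(assertion.clientData);
  if (!nodeCrypto.verify('sha256', bytes, serverRecord.publicKey, assertion.signature)) {
    return 'bad-signature';
  }
  const data = JSON.parse(assertion.clientData); // bytes were signed by the registered key
  if (data.origin !== expectedOrigin) return 'wrong-origin';
  if (!pending.delete(data.challenge)) return 'replayed-or-unknown-challenge';
  return 'ok';
}

// Constructed walk-through: one good login, one replay, one look-alike origin.
function demo() {
  const { device, serverRecord } = registerDevice();
  const pending = new Set();
  const site = 'https://login.example';
  const good = signAssertion(device, newChallenge(pending), site);
  const first = verifyAssertion(serverRecord, pending, site, good);
  const replay = verifyAssertion(serverRecord, pending, site, good);
  const lookalike = signAssertion(device, newChallenge(pending), 'https://login.example.test');
  return [first, replay, verifyAssertion(serverRecord, pending, site, lookalike)];
}
console.log(demo());
```

The private key never appears in any message: the server stores only the public key, so a breach of the server's records yields nothing that can be used to sign in.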

Strong passwords and device security

Strong and unique passwords are still essential, even with the enhanced security provided by MFA. The strength of a password is the first line of defense against attackers, and not every online account offers MFA and passkeys yet, so keep in mind password best practices.

  • Create a strong and unique password for every account. This is especially important for banking, health care, email, and social media accounts. Explore more ways to protect your info.
  • Use a password manager. This security tool can create and store strong, random passwords for you, easing the burden of having to remember all your passwords (most people have over 100).

Other important security practices to further enhance online safety include:

  • Keep software and devices updated. These updates often include security patches that protect your apps and devices against new vulnerabilities. Discover more device security tips.
  • Install reputable security software on devices. This can help detect and block threats before they cause harm.
  • Be aware of suspicious emails, texts, and calls. Phishing often mimics legitimate company requests in an attempt to steal personal information.

Advanced login authentication on PayPal

PayPal has mechanisms to ensure the security of user logins. PayPal offers multi-factor authentication (MFA) and the option to use passkeys as an advanced login method. For stronger login protection, consider creating a passkey with PayPal. This method offers a streamlined yet secure way to access accounts without entering a password.

Here are some tips to keep in mind for maintaining the security of a PayPal account:

  1. Never share passwords: Keep your password confidential and remember that PayPal will never ask you for your password.
  2. Keep contact information up to date: Make sure your contact information is current in your PayPal account. Keeping this information updated is important for receiving one-time passwords (OTPs) when necessary, facilitating access to your account.
  3. Download the PayPal app: For added security, downloading and using the PayPal app can provide an easy and secure method to confirm your identity if PayPal needs to verify your account.

Learn more on how to protect your PayPal account.

Secure your logins

Implementing strong authentication methods is key in helping protect one’s accounts. When available, seek to employ MFA or passkey methods to bolster account security and protect personal information. Be sure to review and activate important security and privacy features available across all your digital services.

Learn about security and protection features for PayPal accounts.
