Paypal doesn't seem to have a software implementation

[bbigras]

I don't see how to use software implementation like Google Authenticator.

Am I missing something?

[mxxcon]

Verisign VIP has software https://idprotect.verisign.com/desktop/home.v and mobile website https://vipmobile.verisign.com/home.v

[dsoegijono]

Maybe a note should be added that software implementation is through Verisign VIP? The linked doc doesn't seem to say anything about it, and it might be confusing.

[mxxcon]

@dsoegijono you don't think if somebody decides to active PayPal with verisign vip they wouldn't know what it supports?

[dsoegijono]

@mxxcon I was thinking the note is more for PayPal users who don't use Verisign VIP. I'm guessing that's why @BrunoQC doesn't think Software Implementation is supported.

[mxxcon]

Hrm...but then we are getting back to the subject of listing every implementation for every site 😓

[dsoegijono]

@mxxcon Was there another thread discussing this issue?

[mxxcon]

@dsoegijono #208 among a few other.

[dsoegijono]

@mxxcon I agree that we shouldn't list every implementation for every site, but I think for cases like this one, it should be noted. If I see that an implementation is supported, I would assume that I can set this up through the website's account settings, unless noted on the doc linked. In this case, the PayPal doc doesn't say anything about software implementation, or about Verisign VIP.

[smholloway]

See previous pull requests discussing PayPal: https://github.com/jdavis/twofactorauth/search?q=paypal&ref=cmdform&type=Issues.

From your screenshot, I would say that the "Register your mobile phone" blurb indicates that they have a software implementation (a phone-based security key) even if they don't support Verisign, which they seem to.

[bbigras]

From your screenshot, I would say that the "Register your mobile phone" blurb indicates that they have a software implementation (a phone-based security key) even if they don't support Verisign, which they seem to.

I don't think "Register your mobile phone" indicates that they have a software implementation since they say "We'll send your secure code by SMS message".

[smholloway]

Ah, yes. I suppose it pays to read the entire paragraph. More to the point, PayPal allows use of Verisign Identity Protection, which is available as a soft token: https://idprotect.verisign.com/learnmoremobile.v (a few clicks gets you to the download links: https://m.vip.symantec.com/home.v). PayPal offers a software implementation.

[jamcat22]

Users would also be able to go to the providers page http://twofactorauth.org/providers which would tell them that Verisign VIP uses a soft token or hard token.

[astec-mw]

Rather than complicating the table, I believe that we should consider writing our own docs in case the official docs are insufficient.

[jdavis]

@mww We are sort of doing that right now in the notes/ directory of the repo.

[Carlgo11]

Can this be moved to #1026?

[jdavis]

Yeah, I think so, @Carlgo11.