PayPal was one of the first large online services providers to offer two-factor authentication to its users, but until recently the company's implementation had a loophole that could have allowed attackers to bypass this additional protection.
Two-factor authentication (2FA) systems prevent hackers from misusing stolen user names and passwords by requiring an additional randomly generated security code during the authentication process. Depending on implementation, the secret codes can be generated using a special mobile application, can be received via text message or can be generated by a physical hardware device.
