"Murphy was an optimist!"
Please allow your APIs to bypass 2 factor authentication – Mint and Paypal, I’m talking to you! August 16, 2011 1:15 pmPosted by Doug McCaughan in : Security, Technology
I use and love Mint.com. I use and love my Paypal security key. However, I cannot use the two together. Either I use mint.com without my paypal details (undesirable) or I lower the security on my Paypal account by deactivating my security key (undesirable).
What is desirable is the ability for to authorize certain applications to bypass 2 factor authentication in the same way that Google Accounts allows me to bypass their 2 factor authentication for applications that I trust. So, I should be able to go into my Paypal settings and say “trust mint.com without 2 factor authentication” and it would assign a key (guid, long string of characters, whatever) specifically for mint.com that effectively would be mint’s password into my Paypal account.
To make this work, would require cooperation between Mint and Paypal of course. To see this in practice, go to Google Accounts, turn on 2 factor authentication, then set up Gmail on an iPhone, Blackberry or Android. There’s the model.
See also: Google’s Getting started with 2-step verification for a demonstration of application specific passwords.trackback