
Podcast: Zach Lanier on PayPal Two-Factor Authentication Bypass

Security Conversations Podcast

Zach Lanier, senior security researcher at Duo Security, talks to Ryan Naraine about a gaping hole in the way two-factor authentication is implemented in the PayPal mobile app (iOS and Android). Because of this bypass, an attacker with a PayPal user’s username and password, even if it is a two-factor-enabled account, can access the account and transfer money -- all without two-factor being enforced.

Related: PayPal Two-Factor Authentication Bypassed

Ryan is the host of the SecurityWeek podcast series "Security Conversations". He is the head of Kaspersky Lab's Global Research & Analysis team in the USA and has extensive experience in computer security user education, specializing in operating system and third-party application vulnerabilities, zero-day attacks, social engineering and social networking threats. Prior to joining Kaspersky Lab, he monitored security and hacker attack trends for over 10 years, writing for eWEEK magazine and the ZDNet Zero Day blog. Follow Ryan on Twitter @ryanaraine.