Summary (AI generated)

The article discusses security issues at PayPal. For many users the default login method is now passwordless: a one-time code sent via SMS, which bypasses both the password and TOTP. Users cannot disable this login method or remove their phone number from their account. The article also notes that entering an email address to log into PayPal immediately triggers an SMS, and the login screen partially reveals the phone number. This makes it easier for bad actors to gain access to users’ accounts. The author recommends removing as much PII from PayPal as possible, using a different phone number for PayPal, or closing the account altogether to mitigate these risks.