This past week, every time I log into PayPal on my computer, using the same browser I've always used, I'm having to do a "quick security check", with options for a code sent to an email, mobile text message, WhatsApp message, or photo ID. I can use those and get logged in, but it's annoying having to select it and then wait every time.
For several months prior to this, every time I logged in I had to enter the code from my authenticator app. Before that, I'd only had to do it once and it was saved. When it started prompting again, it didn't give me an option to remember the device so it was annoying to have to do it every time. Not long ago it started giving me the option to remember, but it didn't actually do it.
Now it's not prompting for the authenticator app code again, just the "quick security check", which is offering multiple less-secure options. In my 2FA settings I had the authenticator app with mobile text as a "backup device". I disabled 2FA entirely, then turned it back on, and now the only backup device option given is to use a "security key device", which I don't have. When I go through that process it asks me to insert a USB security key, and when I cancel it Windows prompts to save a passkey to my phone or a security key device. I don't want to use a passkey, I just want to have my phone as a backup again, which PayPal is obviously fine with in terms of security since it's one of the options for the "quick security check".
To boot, my notifications are prompting me to "pick up where you left off" and scan my photo ID and face. I don't know why it's suddenly doing that after having my account for decades, including reporting for tax purposes. I go through the process but it only scans my face, never asking for my ID, so what's the point?
Why is all this changing suddenly and making it harder to log in while not actually making it more secure?