I'm fairly confident everyone in this discussion is human.x9200 wrote:It is only less secured because of the human factorzzm9980 wrote:More convenient, but less secure.x9200 wrote: - PP is more convenient to use (password based system - no need to key in all the cc info every time)
If you're using a password for financial transactions that you can remember easier than your CC information, you've already lost. What you should be doing is strong passwords per-site/service and keeping them in a password manager.
And SMS (or anyone else) is going to have a unique password like this for every site? The risk you're trying to mitigate is a site getting compromised and passwords leaking. Then your accounts at every other site you used that password at is at risk.SMS, I would not recommend to use any password manager for this sort of service where you may lose a lot of money and you are protected by a single authentication factor. Just make up one complex enough but with elements easy for you to remember: e.g. SmS#BluJAZZ_e-A-G-L-S_gathering%2015
Until you manage to get it remembered write it somewhere down, inside your shoe for example, or if you use PP only from home, inside the toilet flushing water tank. No, I'm not kidding. After you remember, remove it.
Use a password manager, and then your advice for the password to that password manager. Don't destroy it when done. Put it in a safety deposit box or something. The risk is much higher of your password getting leaked through a hacked site than from someone breaking into your house and finding the scrap of paper with your password. And even *if* that happens, the people doing that are less likely to be interested in stealing your login credentials than your jewelry.