fwiw, enabling two-factor authentication and using a smart-phone authenticator app adds an extra layer of security. anyone not in physical possession of the phone and the ability to unlock it cannot make a paypal transaction
Is it possible to use two-factor authentication with anything other than a message sent to your phone? I am in other countries quite often and my normal sim card would not be in the phone to avoid roaming or would an email authentication be just as worthless as not having one at all?