Welcome to the Two Wheeled Texans community! 
Feel free to hang out and lurk as long as you like. However, we would like to encourage you to register so that you can join the community and use the numerous features on the site. After registering, don't forget to post up an introduction!
That is correct because when you use F&F you're basically telling PayPal that you're not paying someone for something, you're just giving money to someone as a gift. It's like buying a gift card from a store, losing it, and then going back to the store and asking them to make you whole again. Although in this case I hope TBucket can pursue this for a better result.
Got to start that process somewhere. Keep us in the loop.
Best of luck to you. PayPal is just a couple of miles from me, and if I wasn't enjoying retirement so much I'd consider going to work for them as a financial investigator as I love going down those rabbit holes to catch people.
Yup, unless I personally know the person, I agree on a price based on the paypal fee's.
Would it help you to have the other email addresses they were using?
That is very kind of you. But No worries. I do appreciate
TFA means that even if you log in, the system will still require another way to authenticate you. There are several ways to accomplish this, but the most common method is handled via the site sending a text message containing a code (series of numbers or letter) to the phone that you have registered with that system. You receive the code on your phone, you enter the code into the system, and the system allows you in.
Hmm, I'm gonna have to ask the wife to make an extra plate of dinner sometime soon so you can come set me up. Not really sure I understood what you said.The one I use with TwTex is an authenticator app. Essentially it is a random number generator with a common seed, so the number you have to type in changes like every 30 seconds or so. The attacker would have to have the seed and the password to be able to login, even if they are main in the middle attacking you they could get your password, username, but not the seed, because it's never sent, just the random number output, so when that number changed in 30 seconds well they would have problems. This is probably more in depth on how it actually works than you want.
The way I handle this is kind of an in between on security. Best security is to have a password safe and a separate app on your phone, because this gives two places that have to be compromised. I use bitwarden and it handles the TFA and auto-fills it. Security vs usability, since this takes only and extra 5 seconds for me to login and I don't have to think, I use it.
The big reason to use a password manager like bitwarden, 1password, or keypass, is it makes managing unique passwords for every sight very easy. This is important, because the way stuff is usually compromised is one site has some issue that is exploited, like an sql injection (can display parts of a database not intended to be seen by the public, like password hashes and usernames or plain passwords if the web designer is bad) then the password and email or username is used on a different site. This is why https://haveibeenpwned.com is a very good sight to check your logins against. Bitwarden allows me to automatically check my logins against this database. This looks at all of the known compromised website logins and sees if your password has been changed since the last compromise. The keyring never sends your password, just website and login.
And next week in Darty's cybersecurity course we will talk about one way private/public one way encryption.
