Major security flaw - the system keeps re-enabling auto login even after I keep turning it off

j_a_s
Contributor
Contributor

I've been dealing with customer support all day over this issue and they say they can do nothing but I want to raise it here as well since it's a major security flaw. Paypal is a financial site and therefore security controls should be very strong. I always log out whenever I complete a transaction and I never click the "stay logged in" button that's always presented. Now, every time I log in, I get an email saying "We've made it easier for you to check out with PayPal. Since we recognize this device, we'll automatically log you in so you can skip typing your password at checkout! ... If this is a shared device, or you don't want us to automatically log you in, we recommend that you turn this feature off." I go in and manually turn the feature off. Then the next time I log in to make a transaction, I get the same email again, the feature is re-enabled again, and I have to go in to manually turn it off again. This is totally unacceptable. I'm the only one who should be able to determine if my device is trusted and and if I want to enable auto login. I was told that there's nothing they can do and that I'll simply have to manually disable the feature every time. This is a major security flaw and it's a big deal. I was told that my concern has been escalated but I'm posting this here in the hopes of raising the visibility of this issue. Thanks. 

Login to Me Too
116 REPLIES 116

JamesDCan
Contributor
Contributor

Absolutely agree with everyone else here. This should NEVER enable itself automatically - it should always require opting in on login. At the very least, let us opt out for a device permanently when disabling it. Having to log in each time I buy something with PayPal to disable an auto-login that I never requested and never want is ridiculous.

Login to Me Too

Bob499
Contributor
Contributor

Agree, if this isn't fixed soon I will be using another service.  I have been with paypal for nearly 20 years, but as you stated, the reason to use the service is for security and they are actively removing the user's ability to remain secure with online payments.  D- paypal.

Login to Me Too

shelleywa
Member
Member

So it's now December - 4 months on from the OP. I came here today because I'm having the same problem. Over and over again... "we've made it easier for you to check out...". Well no, actually you've made it a pain in the A to have to log in and turn this feature OFF. Every. Single. Time.

 

Please fix this! 😵

Login to Me Too

Temp20221223K
Contributor
Contributor

They absolutely know about it.  I got this single veiled response during a month long chat session with them - this from CSA Romelyn:

 

Currently, PayPal prompts password login at checkout every-time. This creates friction for our highly engaged and trusted consumers.
Customers who frequently use the same device(s) will no longer need to enter their login information at checkout based on risk criteria. This reduces friction at checkout and shopping cart abandonment while maintaining account security.
 
No one else responding to my message string made any attempt to convey that^^^.  They kept trying to get me to clear my cache, etc. etc. etc.  I gave up trying to get it resolved, but complained highly in the surveys I received after the chat ended.
Login to Me Too

JamesDCan
Contributor
Contributor

Whoever earlier mentioned that a workaround for this is setting up 2-factor authentication is correct - there is an optional checkmark for trusting the device when entering a 2-factor code, which is unchecked by default. It's a good idea for a payment service to use this anyway, and I'm glad I finally set it up... Still, this should NOT be necessary to stop this behaviour - if they want to make it easier for people, that should still be opt-in, not opt-out, and certainly not opt-out EVERY TIME.

Login to Me Too

Lovelyevenstar
Contributor
Contributor
It’s complete and total B.S. I can’t stand auto login/one touch. Worst idea I’ve ever seen with Paypal. And it seems the people they call customer support don’t even know what it is much less how to help. Just got off a long and utterly irritating call with the second customer service person today who had no idea what it was?! All I wanted was help turning it off because their website was having issues with letting me turn it off. Absolutely infuriating. I’d stop using Paypal over this if it wasn’t the easiest way to protect my payment info when it comes to buying. Im at my wits end with stupid a** one touch though.
Login to Me Too

GEBXLH
Member
Member

Yep, I just got this idiotic AUTO LOGIN dumped onto my account as well, and like everyone else, I can't turn it off. Makes me absolutely FURIOUS that in this day and age of so much internet hacking and security risks that some <removed> or <removed>  at PAY PAL decided that this was a great idea. Account holders should have been given a YES or NO option on AUTO LOGIN right off the bat. If this is not fixed soon,......I'l be looking for an alternative service, and SO LONG,  PAY PAL.  

Login to Me Too

Weouza
Member
Member
Agree, my children were able to buy online game money without my knowledge just because I’ve used PayPal before on our home computers. This is a major major problem that needs urgent fixing!!!!!!
Login to Me Too

vicmowery
Contributor
Contributor

Every time I use a device to login to PayPal, I get an email that says "we recognize this device... blah... we have enabled auto login for future transactions, etc..."  I go and turn it off, but it happens again next time.  I do not see an option to disable it permanently, and there is never an option during the transaction to allow it or not.  Very annoying that Paypal wants to help me like that but doesn't let me decline.   By the way, this "feature" is about a year old or so...never happened before then.

 

How can this be shut off completely?

 

Secondly, I found no option to email Paypal about this, only to chat.

Login to Me Too

AngiesTyping
Contributor
Contributor

I, too, would like to permanently disable this "feature."  I have multiple PayPal accounts (one for personal use, one for business) and having PayPal "conveniently" decide which account is going to be automatically logged in at a given time has created some significant accounting headaches, especially since I may not see the email that it's happened until much later.  Please, PayPal, tell us how to make it STOP!!!  Just to be clear, I NEVER want this feature turned on for either account.

Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.