Major security flaw - the system keeps re-enabling auto login even after I keep turning it off

j_a_s
Contributor
Contributor
Posted on
‎Aug-26-2020 01:36 PM

I've been dealing with customer support all day over this issue and they say they can do nothing but I want to raise it here as well since it's a major security flaw. Paypal is a financial site and therefore security controls should be very strong. I always log out whenever I complete a transaction and I never click the "stay logged in" button that's always presented. Now, every time I log in, I get an email saying "We've made it easier for you to check out with PayPal. Since we recognize this device, we'll automatically log you in so you can skip typing your password at checkout! ... If this is a shared device, or you don't want us to automatically log you in, we recommend that you turn this feature off." I go in and manually turn the feature off. Then the next time I log in to make a transaction, I get the same email again, the feature is re-enabled again, and I have to go in to manually turn it off again. This is totally unacceptable. I'm the only one who should be able to determine if my device is trusted and and if I want to enable auto login. I was told that there's nothing they can do and that I'll simply have to manually disable the feature every time. This is a major security flaw and it's a big deal. I was told that my concern has been escalated but I'm posting this here in the hopes of raising the visibility of this issue. Thanks. 

Login to Me Too
Login to Reply or Kudo
132 REPLIES 132

denniz1
Contributor
Contributor
‎Nov-05-2024 12:08 AM

you must know this security hole has been left open for a reason why reply with rubbish isn,t it better to be honest and just not reply

Login to Me Too
Login to Reply or Kudo

EilaGoss
Contributor
Contributor
‎Dec-11-2021 02:44 AM
Is this the issue? No password required? Options EilaGoss New Community Member Posted on  ‎Dec-10-2021 10:48 PM When using Ebay the PayPal payments are going through without my having to put in a password. Why? Is there a way of stopping this?
Login to Me Too
Login to Reply or Kudo

j_a_s
Contributor
Contributor
‎Dec-11-2021 05:13 AM
Once you log in you have to actively log out otherwise you'll stay logged in forever. Every time I do a payment, I have to go into PayPal and log out. You shouldn't have to take that extra step - the system should automatically log you out when you leave or time out after a certain length - but it doesn't. That's a separate issue from the auto-login problem. It's shocking that a financial company doesn't take the most basic security precautions.
Login to Me Too
Login to Reply or Kudo

EilaGoss
Contributor
Contributor
‎Dec-12-2021 03:58 PM
Thank you. I agree the system should automatically log users out. I think it may do after a certain amount of time as I got a notification that I had timed out trying to get into the forum...
Login to Me Too
Login to Reply or Kudo

shine75
Contributor
Contributor
‎Dec-23-2021 05:19 AM
This gets me so angry. I’ve complained SEVERAL times . It’s exactly the same response. They tell me how to turn it off …. Which is not at all the issue . I know how to turn the damned auto log in option off , they make me do it once a week . Every time they say they’ll escalate the complaint to their techs but it just keeps happening. I don’t understand how a business, who’s top objective is security , can blatantly disregard it in this fashion . It’s absolutely ridiculous
Login to Me Too
Login to Reply or Kudo

SomeUser567
Contributor
Contributor
‎Dec-23-2021 06:20 AM

It doesn't matter what a business claims their "top objective" is, it's always to make as much money as possible. PayPal has made the calculation that they'll make more money by having people constantly logged in than they would by being more secure for their users. This is the same calculation they made when they let sellers slip in automatic payments on you. After every PayPal purchase you have to check your automatic payment settings to make sure PayPal didn't give the seller back door access to your money.

Login to Me Too
Login to Reply or Kudo

denniz1
Contributor
Contributor
‎Nov-05-2024 12:11 AM

be careful what they done to me is my "Update next to Auto Logins" has disappeared altogether because i kept turning it off in "security" now i have to save an old email which still has the link

Login to Me Too
Login to Reply or Kudo

chaos215bar2
Contributor
Contributor
‎May-16-2022 10:29 AM

This is absolutely insane, and customer support is clueless. I'll call and try to explain for the tenth time that this is a shared computer, and I never want PayPal to automatically allow anyone to do anything without a password, and all they'll say is that their automated system decided to trust my computer and that I can remove the trusted computer by signing into my account, which obviously completely misses the point.

 

I guess the only way to prevent PayPal from letting others use my payment information without my password and without my permission is to simply remove all the payment methods from my account and stop using PayPal.

Login to Me Too
Login to Reply or Kudo

EilaGoss
Contributor
Contributor
‎May-16-2022 03:01 PM
Totally agree. However I needed to log in to reply to your post! It lets me pay for stuff without logging in though... Also makes me prove I'm not a robot Ahhh
Login to Me Too
Login to Reply or Kudo

Drgnwyr
Contributor
Contributor
‎Jun-30-2022 04:40 PM

@EilaGoss That is because this community site is not “Paypal” per se and has better security than Paypal

Login to Me Too
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.