Major security flaw - the system keeps re-enabling auto login even after I keep turning it off

j_a_s
Contributor

I've been dealing with customer support all day over this issue and they say they can do nothing but I want to raise it here as well since it's a major security flaw. PayPal is a financial site and therefore security controls should be very strong. I always log out whenever I complete a transaction and I never click the "stay logged in" button that's always presented. Now, every time I log in, I get an email saying "We've made it easier for you to check out with PayPal. Since we recognize this device, we'll automatically log you in so you can skip typing your password at checkout! ... If this is a shared device, or you don't want us to automatically log you in, we recommend that you turn this feature off." I go in and manually turn the feature off. Then the next time I log in to make a transaction, I get the same email again, the feature is re-enabled again, and I have to go in to manually turn it off again. This is totally unacceptable. I'm the only one who should be able to determine if my device is trusted and if I want to enable auto login. I was told that there's nothing they can do and that I'll simply have to manually disable the feature every time. This is a major security flaw and it's a big deal. I was told that my concern has been escalated but I'm posting this here in the hopes of raising the visibility of this issue. Thanks.

116 REPLIES

EilaGoss
Contributor
Thank you. Been an issue for years. It's like banging your head against a wall. Should be an option to turn off altogether, or something like a "do not ask again" option.

ReenieM
Contributor

How do I stop auto-login from turning on? The minute I get the email saying I'm being auto-logged in, I go to PayPal and turn it off. I want it off permanently. How?


Kementiri
Contributor

There is a way to do this. First make sure you are logged out of all devices, disable any payments through Google, turn off auto login and one click pay through PayPal as well. Once you have done all that, enable 2 factor authentication. THEN go and change your PayPal password. Now if a site tries to log you in it will try and use the old saved password and it won't work and should default to making you sign in and then after that you would use the two factor authentication. I was having issues with Aliexpress and it would NOT let go of my password. I figured that if I changed my password Google was too stupid to update that and I was correct 🙂


ReenieM
Contributor

Darn - I like my password, but I will change it.

Thank you!!!!


wildstar87
Contributor

Put me as another on the list that wants this HORRIBLE, FLAWED, DANGEROUS security bug to be gotten rid of. PayPal is just trying to get us purchasing without even knowing it. They make their money, so who cares if you didn't actually authorize payment.

In the new PayPal interface there IS NO GEAR ICON. Where do you turn this off, even if it doesn't seem to help? Why does all the help not work with the new interface? None of the stuff exists where it's supposed to be.

The whole purpose of PayPal was to make purchasing on the net SECURE, SAFE, which this BUG (not a feature) completely sabotages that mandate. Might as well start just using my CC directly, instead of having PayPal get money out of it, for being INSECURE.


PayPal_JonK
Moderator

Hello @wildstar87

Welcome to the PayPal Community. I'm sorry to hear there's been some confusion over how to access the settings in your profile. If you do not see a gear icon to get to your settings, it's possible you may have a business account - is that right? If so, you'd want to click your name in the upper right corner, then select Profile Settings, and then you should see the option for "Stay logged in for faster purchases". There you can see if OneTouch is turned on or not. After that, you can go back to your Profile Settings and select "Manage" next to "Manage your logins" at the very bottom.

I hope that helps,

 - Jon K



CoolBarn
Contributor

I love the way the moderators are very quick to reply to side-issues like how to access the app settings in your profile, but it's been a couple of years since the thread was started, and we are seemingly no closer to a solution to this problem.

Dear Moderators, please pass on to the developers, that we want to be able to disable Auto-login once, and that it STAYS off after doing this.

Once we disable auto-login, why the hell does it magically get enabled next transaction without our express permission?

If a moderator would like to respond and inform us how that solution is coming along, that would be great. Cheers.


COTestDummy
Contributor

Thanks for the tip.  I hate giving out my phone number for TFA. When I saw that PP supports keys, I opted for that instead.  Frankly, I wish all websites would use them.


RandomName77
Contributor

Let's set the scene by saying I'm an IT professional with 35 years of experience covering a whole range of topics including security.

Recently, I logged into a merchant account and chose to pay with PayPal. It bypassed the login and went straight to card selection.

I raised this with PP and got a response of "it was a glitch in the system" and "We have configured your account to always ask for a password".

Whatever they did didn't work, and the next purchase (on a different merchant's site) went straight to card selection.

The PP Customer rep just did not understand the implication of bypassing my authentication.

PP checked a few things and said they would look into it. In the meantime, they seem to have enabled 2FA via SMS.

Yesterday, I went to make a purchase from a 3rd merchant site and I got the password prompt, but it bypassed the 2FA.

I have researched what might be happening and it does seem like Autologin is getting turned on. When I follow the help to switch it off, the AUTO LOGIN option does not exist on the settings/security menu.

Despite being very clear with the PP CS Rep, they ask....follow these menu options... click Update next to the Auto Login option.....

So, I'm dealing with some very well-meaning but hopeless customer service reps at PayPal.

At the moment - I'm getting no traction at PP with my problem and getting the run-around with "try this" and "clear your cookies" etc.

By the end of the week, if it is not fixed, the PP account gets deleted. I've had it for over 10 years - shame.


talk2prashant
Member

I have been dealing with this issue as well. This is beyond ridiculous that this issue has not been addressed after almost 3 years. It's practically that PayPal has intentionally kept such a big security issue open hoping to get some legal action!!

I am sure people have had money spent from their PayPal account by others. Probably only reason PayPal has not been sued is that the others were probably family / friends - but that is no excuse for keeping this issue open for such a long time.

I came to this forum hoping to find a solution but I realize this is a user community and can only raise questions / concerns. Probably no one from PayPal, no one that matters at least, even looks at anything here...

I know this post does not help and I am just venting out...but yeah probably gonna close my PayPal account - have many alternatives now - venmo, amazon pay, google pay and so on...

