PayPal Community

j_a_s · ‎Aug-26-2020

I've been dealing with customer support all day over this issue and they say they can do nothing but I want to raise it here as well since it's a major security flaw. Paypal is a financial site and therefore security controls should be very strong. I always log out whenever I complete a transaction and I never click the "stay logged in" button that's always presented. Now, every time I log in, I get an email saying "We've made it easier for you to check out with PayPal. Since we recognize this device, we'll automatically log you in so you can skip typing your password at checkout! ... If this is a shared device, or you don't want us to automatically log you in, we recommend that you turn this feature off." I go in and manually turn the feature off. Then the next time I log in to make a transaction, I get the same email again, the feature is re-enabled again, and I have to go in to manually turn it off again. This is totally unacceptable. I'm the only one who should be able to determine if my device is trusted and and if I want to enable auto login. I was told that there's nothing they can do and that I'll simply have to manually disable the feature every time. This is a major security flaw and it's a big deal. I was told that my concern has been escalated but I'm posting this here in the hopes of raising the visibility of this issue. Thanks.

RandomName77 · ‎Aug-21-2023

I have come to the conclusion that Paypal just does not listen. Many many complaints in this thread are about auto login or payments being authorized without passwords and, @PayPal_Bindu, your response is yet anpther example of you, hence paypal, not willing to acknowledge the problem nor address the issue.

Many people are complaining about the automatic enablement of auto login; we never asked for it and were never given the choice to have it or not. On my account I cannot switch it off because anything to do with AutoLogin is not on the settings menu. Even when I explicitly follow support instructions, I come to a dead end.

I've followed the futil process of removing "trusted devices". As soon as you login to a device, it becomes a trusted device, even the one in the coffee shop!

Your response reads like you proposed solution "should work" or "give this a try" as if you are plucking things from fresh air.

Please @PayPal_Bindu and PayPal, take a good long look and a read of these complaints; they are serious and need addressing.

I have removed all payment devices from my account and have stopped using what was a perfectly good service.

JPT3 · ‎Dec-16-2023

This is the same advice that is given to me every time I go to support, which does nothing about the problem incidentally. it's just a copy/paste form letter response.

They know the problem.

The problem is that THEY/PAYPAL are turning on auto login and it's not a mistake, it's by design.

So what's the motive?

denniz1 · ‎Nov-05-2024

to the moderaters

you must know this security hole has been left open for a reason why reply with rubbish isn,t it better to just not reply

jimfrankfort · ‎May-28-2023

Thank you! Auto login now disabled for all devices. I guess time will tell if devices get recognized again. Thx again....jim

jimfrankfort · ‎Jun-25-2023

Still an issue. There doesn't appear to be a way to turn off OneTouch and have it stay off. Even though I have not enabled Auto Login ("Auto login is turned off for all devices") PayPal keeps on recognizing my browsers and turning it on for the recognized browser. Below is a snipit from the email I get. I don't want to have to repeatedly turn off auto login.....I think this is a bug, that increases my risk of being hacked.....really annoying too. Please report and fix.

Since we recognize this device, you’ll continue to stay logged in, so you can skip typing your password during certain activities such as check out.

For your security, we may occasionally ask you to re-enter your password.

If this is a shared device, or you don’t recognize device Desktop Chrome Windows, turn off the Trusted Device status here

Gaddus · ‎Jun-05-2023

My problem is the opposite (I think). I have in the past checked the recognised device option to avoid having to log in with 2FA-type message/app/email. However, it seems to me that every time my Firefox browser is updated to a new version, the machine on which it runs ceases to be recognised.

Is this the case? If so, it's a nuisance, as both the browsers I use get updated very regularly, and at ever-shorter intervals.

RolledGoaled · ‎May-31-2023

Somehow I had switched this off and it had stayed off, until tonight when I logged in the first time from a different computer, and now for a second purchase on one night it tells me it recognises me and I don't need to log in with a password or code. Sorry PayPal, but this is not how I want it to be. Password every time thanks. Where's that option? Please don't be presumptuous with other peoples' money!

RandomName77 · ‎Jul-09-2023

I'm afraid that PalPal don't care.

My complaint is now with the Financial Conduct Authority and I've deleted all my payment methods.

I raise the complaint with PP; I get automated responses back followed up by "we see you are not satisfied with our response"; then end up in an endless cycle of complaints which are not addresses. Some of the responsed from PP says my complaint was about "Cyrptocurrecny" which is never has been and never was.

It is clear to me that PP are just glossing over the issues, providing and understanding ear when you call but just don't want to address the underlying secuirty issue because it increases friction in using PP for payments.

PP are cleaver in providing this forum for users to "Vent" ask it keeps the complaints contained.

In conclusion, I would not hold out any hope that PP are going to respond to any customer's demands/requests/concerns.

Basantii · ‎Jul-09-2023

This keeps happening to me too. I can’t believe they are initiating auto login like this. Hopefully they will set up a way to turn it off permanently

Jim185 · ‎Jul-16-2023

I see this is a three year old message thread , but I just want to add that here in July 2023, it still happens every time I use my iPad and it’s the single most annoying thing I’ve ever encountered. To see a professional organization like PayPal not fix it is surprising. Eventually it will make me find another company to use. Even now , when PayPal is an option at checkout I am skipping it and using other choices or cards because of the annoyance. Just my two cents .

PayPal Community

Major security flaw - the system keeps re-enabling auto login even after I keep turning it off

Haven't Found your Answer?