Major security flaw - the system keeps re-enabling auto login even after I keep turning it off
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've been dealing with customer support all day over this issue and they say they can do nothing but I want to raise it here as well since it's a major security flaw. Paypal is a financial site and therefore security controls should be very strong. I always log out whenever I complete a transaction and I never click the "stay logged in" button that's always presented. Now, every time I log in, I get an email saying "We've made it easier for you to check out with PayPal. Since we recognize this device, we'll automatically log you in so you can skip typing your password at checkout! ... If this is a shared device, or you don't want us to automatically log you in, we recommend that you turn this feature off." I go in and manually turn the feature off. Then the next time I log in to make a transaction, I get the same email again, the feature is re-enabled again, and I have to go in to manually turn it off again. This is totally unacceptable. I'm the only one who should be able to determine if my device is trusted and and if I want to enable auto login. I was told that there's nothing they can do and that I'll simply have to manually disable the feature every time. This is a major security flaw and it's a big deal. I was told that my concern has been escalated but I'm posting this here in the hopes of raising the visibility of this issue. Thanks.
- Labels:
-
Login Issues
-
Profile & Settings
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I got an email about this earlier today. I called to complain and then got it again this evening. This is REALLY bad!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm having the same issue. I never want to stay logged in on ANY device, especially as I utilize two separate accounts (my personal account and a shared business account). Now, every single time II make a payment with the personal account, I receive the same IMBECILIC email letting me know they have AGAIN enabled Auto Login:
"We've made it easier for you to check out with PayPal
Since we recognize this device, we'll automatically log you in so you can skip typing your password at checkout."
There is no way to stop PayPal from doing this, and the beyond useless customer service department is of zero help as always.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was having the same problem for the past week or two. I solved it today by going into my browser settings and deleting all cookies from domains whose names contain "paypal".
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've had this happen to me several times since I started using Ebay & PayPal as my first choice for shopping about a year and half ago. PayPal keeps defaulting an option to turn it on when you check out. The option has been displayed a few different ways so you really have to be diligent to protect yourself. A few times I apparently didn't catch it or it wasn't there and it got turned back on.
I absolutely, positively, unequivocally would never, ever, ever want this on under any circumstance! As a matter of principle and basic security, I want my decision to pay with PayPal to require an explicit login every time I check out. This is as much of a common sense practice as not allowing your web browser to save passwords. I'm appalled that PayPal is tricking people into turning off their security.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same here. I've been going round and round and round and round with the insipid PayPal customer service dept. messaging system for the past month. They keep suggesting I turn it off myself, but that's not the issue - I DON'T EVER WANT IT ON and there should be a lock or other preference to prevent PayPal from turning it back on. This is beyond ridiculous...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same problem happening with my business account. Looking into switching entirely away from PayPal after 12 years. The lack of response on this from their customer service department is unacceptable.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I share all the same sentiments of comments above. This is a security breach and poor form for PayPal not to respond to these messages.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Agreed - this seriously undermines my trust in PayPal. What could they possibly be thinking?
Actually, they had a similarly ridiculous default for "Bill Me Later" some years ago where they changed the default payment method without user permission, made it hard to change back, and then had it programmed to keep reverting back to their preference (Bill Me Later) instead of the user's preference (credit card, in my case). I almost closed my account at that time, but instead decided to just use it less, and to never again use "Bill Me Later" (now "PayPal Credit"). I'm sorry to smell the same scent of deceitfulness and self-serving greed behind this move as well.
Anyway, as a work-around until they take their fingers our of their ears and get around to making changes, I believe setting up two-factor authorization (2FA) for your account will help. At least then it's harder for someone else to place orders and it will give you a moment to pause and rethink that impulse purchase. Come to think of it, maybe it's the latter they are trying to manipulate here (under the guise of "customer convenience" and/or "economic stimulus", of course).
Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.
- Turn off the "Quick Security Check" - It's NOT Quick! in Managing Account
- Is PayPal really willing to help when you lose your telephone number? in Managing Account
- Is there a way to auto turn off One Touch when PayPal turns it on without my permission? in Managing Account
- Failed Refund, Duplicate Debits, Unexplained Delays, and a Disheartening Culture in Transactions