Major security flaw - the system keeps re-enabling auto login even after I keep turning it off
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've been dealing with customer support all day over this issue and they say they can do nothing but I want to raise it here as well since it's a major security flaw. Paypal is a financial site and therefore security controls should be very strong. I always log out whenever I complete a transaction and I never click the "stay logged in" button that's always presented. Now, every time I log in, I get an email saying "We've made it easier for you to check out with PayPal. Since we recognize this device, we'll automatically log you in so you can skip typing your password at checkout! ... If this is a shared device, or you don't want us to automatically log you in, we recommend that you turn this feature off." I go in and manually turn the feature off. Then the next time I log in to make a transaction, I get the same email again, the feature is re-enabled again, and I have to go in to manually turn it off again. This is totally unacceptable. I'm the only one who should be able to determine if my device is trusted and and if I want to enable auto login. I was told that there's nothing they can do and that I'll simply have to manually disable the feature every time. This is a major security flaw and it's a big deal. I was told that my concern has been escalated but I'm posting this here in the hopes of raising the visibility of this issue. Thanks.
- Labels:
-
Login Issues
-
Profile & Settings
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is absolutely insane, and customer support is clueless. I'll call and try to explain for the tenth time that this is a shared computer, and I never want PayPal to automatically allow anyone to do anything without a password, and all they'll say is that their automated system decided to trust my computer and that I can remove the trusted computer by signing into my account, which obviously completely misses the point.
I guess the only way to prevent PayPal from letting others use my payment information without my password and without my permission is to simply remove all the payment methods from my account and stop using PayPal.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@EilaGoss That is because this community site is not “Paypal” per se and has better security than Paypal
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Every time I use Paypal for an online purchase, I get an email immediately afterwards telling me PayPal is keeping me logged in. Staying logged in to Paypal presents security issues for me, as my computer can be accessed by others in my household. It's like staying logged into a bank account, which no sane person would allow. I have called Paypal to complain about this close to a dozen times. Nothing is ever corrected, even though the kind person in the Phillipines assures me they will fix it. My question is: can I set my account to NEVER stay logged in? Second question: do you know an alternative to Paypal that I could switch to because this is driving me crazy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Considering it's two and a half years later and PayPal hasn't bothered to notice their users are complaining about a MAJOR FUNDAMENTAL SECURITY FLAW in their system, I'm thinking it may be time for legal action to wake them up. Are there any lawyers in the house who would like to discuss this?
I've been using PayPal for 23 years, and consider this to be one of the biggest problems I have ever encountered in dealing with them.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, this is (still) very frustrating. But there is a solution (well, technically, a workaround):
Set up "2-step verification" (a.k.a., two-factor authentication or 2FA) and then leave "Trust This Device" unchecked each time you sign in.
Here are the steps:
- Go to PayPal.com
- Click on Settings (the cog or gear icon next to the bell icon at the top right)
- Click on Security
- Find "2-step verification" and click "Set up" (or if using a mobile browser, tap the edit icon)
While it might be annoying that each time you'll then have to sign in, retrieve a code, and enter it, I think it's better than having your account automatically logged in just because PayPal wants to you (and potentially unauthorized people) to spend your money without thinking.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you find a lawyer for this? Is it a class action suit? If so reply because I'm in with you and everyone else!
Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.
- Turn off the "Quick Security Check" - It's NOT Quick! in Managing Account
- Is PayPal really willing to help when you lose your telephone number? in Managing Account
- Is there a way to auto turn off One Touch when PayPal turns it on without my permission? in Managing Account
- Failed Refund, Duplicate Debits, Unexplained Delays, and a Disheartening Culture in Transactions