Major security flaw - the system keeps re-enabling auto login even after I keep turning it off

j_a_s
Contributor

I've been dealing with customer support all day over this issue and they say they can do nothing, but I want to raise it here as well since it's a major security flaw. PayPal is a financial site and therefore security controls should be very strong. I always log out whenever I complete a transaction and I never click the "stay logged in" button that's always presented. Now, every time I log in, I get an email saying "We've made it easier for you to check out with PayPal. Since we recognize this device, we'll automatically log you in so you can skip typing your password at checkout! ... If this is a shared device, or you don't want us to automatically log you in, we recommend that you turn this feature off." I go in and manually turn the feature off. Then the next time I log in to make a transaction, I get the same email again, the feature is re-enabled again, and I have to go in to manually turn it off again. This is totally unacceptable. I'm the only one who should be able to determine if my device is trusted and if I want to enable auto login. I was told that there's nothing they can do and that I'll simply have to manually disable the feature every time. This is a major security flaw and it's a big deal. I was told that my concern has been escalated but I'm posting this here in the hopes of raising the visibility of this issue. Thanks.

132 REPLIES

blanes
New Community Member
This issue still exists. It is inexcusable that some manager at PayPal does not fix this urgently. I have rung them several times and been told they will rectify it but they never do. I wish they could be fined or otherwise penalised because this is a serious disservice to customers who do NOT want this feature. Whoever designed it should be fired! Absolute morons!!!! So bloody angry about this.

LavaTraction
Contributor

Every time I use PayPal for an online purchase, I get an email immediately afterwards telling me PayPal is keeping me logged in. Staying logged in to PayPal presents security issues for me, as my computer can be accessed by others in my household. It's like staying logged into a bank account, which no sane person would allow. I have called PayPal to complain about this close to a dozen times. Nothing is ever corrected, even though the kind person in the Philippines assures me they will fix it. My question is: can I set my account to NEVER stay logged in? Second question: do you know an alternative to PayPal that I could switch to? Because this is driving me crazy.

denniz1
Contributor

This security hole has been left open for a reason; one can only speculate why.

Annette22
Contributor
I agree. If my phone is stolen they could go shopping. I guess I could take PayPal to the Small Claims Tribunal which costs me nothing, no lawyers allowed and is for claims up to $25k. PayPal: You offer a fantastic service. I am so glad you exist. Please please fix this as a priority.

jasong222
Contributor

Still happening. Will be severely limiting PayPal use until this gets fixed.

wfredk
Member

Considering it's two and a half years later and PayPal hasn't bothered to notice their users are complaining about a MAJOR FUNDAMENTAL SECURITY FLAW in their system, I'm thinking it may be time for legal action to wake them up. Are there any lawyers in the house who would like to discuss this?

I've been using PayPal for 23 years, and consider this to be one of the biggest problems I have ever encountered in dealing with them.

cnayr
Contributor

Yes, this is (still) very frustrating. But there is a solution (well, technically, a workaround):

Set up "2-step verification" (a.k.a., two-factor authentication or 2FA) and then leave "Trust This Device" unchecked each time you sign in.

Here are the steps:

  1. Go to PayPal.com
  2. Click on Settings (the cog or gear icon next to the bell icon at the top right)
  3. Click on Security
  4. Find "2-step verification" and click "Set up" (or if using a mobile browser, tap the edit icon)

While it might be annoying that each time you'll then have to sign in, retrieve a code, and enter it, I think it's better than having your account automatically logged in just because PayPal wants you (and potentially unauthorized people) to spend your money without thinking.

Cyber-Master
Contributor

Did you find a lawyer for this? Is it a class action suit? If so reply because I'm in with you and everyone else!

denniz1
Contributor

This security hole has been left open for a reason. One can only speculate why, but I'm sure it must make them money, so sacrifice security to make money, sounds reasonable.

EilaGoss
Contributor
Thank you. Been an issue for years. It's like banging your head against a wall. Should be an option to turn off altogether, or something like a "do not ask again" option.