Forced password change

mmesford
New Community Member
Posted on
‎Jul-28-2018 12:33 PM

I just tried to buy something on eBay and when I tried to access PayPal I was told there was suspicious activity on my account and I needed to reset my password before I could login.  This seemed odd so I tried accessing PayPal directly, not through eBay. Same thing. I couldn’t access any support resources without logging in so I tried calling the help desk. No surprise, I couldn’t access anything meaningful without logging in. So I’ve given up and changed my password. I’ve looked at my account and I don’t see anything out of the ordinary. Where’s the suspicious activity? I find this kind of scare tactic approach to security really annoying. 

Labels:
Login to Me Too
Login to Reply or Kudo
5 REPLIES 5

Kimbob100
New Community Member
‎Aug-20-2018 06:05 AM
I would be interested to know more about this. The same thing has happened to me but only via the eBay App. It’s fine on the website version. At the minute I can’t complete any purchases on the app because I don’t trust the forced password update. I have however changed my password direct with PayPal to be in the safe side.
Login to Me Too
Login to Reply or Kudo

Willi_Jay
Contributor
Contributor
‎Sep-04-2018 05:49 PM

I'm getting fed-up of this "suspicious activity" message and am now seriously looking for an alternative payment method. To explain why I am fed-up:

I am a single person, living alone, housebound with serious mobility problems. I only leave the house twice a year so online facilities like PayPal are a real lifeline to me.

Every single thing I do online is done via my very secure home router and done on either my Windows 7 desktop or my Google Pixelbook. I never use smartphone apps for financial purposes and don't even have the PayPal app on phones or Tablets.

Tonight I received a regular start-of-month email from PayPal inviting me to review my recent activity and I clicked on the link to log in to my account.

*AGAIN* - the dreaded "suspicious activity" message, change your password. In the past I have sometimes been able to ignore that message by closing the browser, clearing cache and logging back in without any problems about "suspicious activity". This leads me to believe that these are unwarranted, spurious messages.

Tonight however, that did not work and I then had to crawl back through to my bedroom to retrieve my mobile phone as they wanted to send me a text to confirm I was me. After receiving the text I then did *another* password change and successfully logged in, meantime having to change the details in my password manager.

After logging in, there is no sign of "suspicious activity" and there is only my usual small payments to EBay over the past month.

To repeat, I am fed-up of this and intend either finding an alternative or closing my account and reverting to using my credit card direct.

I *never* have this trouble with two banks that I use and there are much bigger financial transactions carried on with them. Why cannot PayPal give some kind of indication of what this "suspicious activity" might be? Because there has been *no* such activity and it is their method of forcing password changes when *they* feel like it.

Login to Me Too
0 Kudos
Login to Reply or Kudo

Johnsensei
New Community Member
‎Nov-28-2018 11:34 AM

I had this problem too and eventually gave up, changed the password and created a PIN as PayPal was forcing me to do. Then when all that was done it took me back to the log in page, I input the new password, and got the same message AGAIN! It seems like it's going to create a never-ending loop of changing the password without actually taking me to my account.

 

Also, there has been no suspicious activity on my account. I would have known by seeing any fraudulent charges in my credit card or bank accounts. I did link my PayPal account to serve as the payment method for some other services recently. But that's completely normal operations, nothing suspicious.

Login to Me Too
Login to Reply or Kudo

gadgenthu
New Community Member
‎Jul-16-2019 12:20 AM

I think I had the same problem.

 

I was asked to do a payment by my family and logged on using his PC.

After logging on, I was asked to change my password on the web UI.

 

This is a bit crazy to me because it is out of standard practice for security.

Usually when you find suspicious activity you should have '2-Step Verification'.

An e-mail should be sent with a link so that the person trying to access has the access to the mail box.

 

Forcing and allowing to change the password on the fly is crazy because if it was a hacker that person will be able to change the password even if he does not access to the registered mail box.

The true owner of the account will be informed about the password change by e-mail only after the fact.

 

Isn't this really weird?

 

Login to Me Too
Login to Reply or Kudo

manic_skeptic
Contributor
Contributor
‎Oct-13-2019 04:46 PM

Lawyers might consider this a smoking gun.

Either paypal have "cracked" your password too easily, and want you to choose something more secure...

or...

There may have (but can't be confirmed) been a breach...

or...

Someone has been caught trying to hijack your account by going though PayPal...

If there is "suspicious activity" and you cannot see it, it is because it may harm PayPal for you to see it.

It could be something as innocent as doing the right thing with sales tax and affecting a billing address check.

..or crossing a "number of devices" threshold, which is ridiculous as people use a great many devices nowadays.

.. or too many "new" devices in a short period of time, like a credit score they may keep a "security score" against your account.

 

It can't hurt to change your password regularly, but it is another MITM attack opportunity if forcing it becomes too familiar.

Login to Me Too
0 Kudos
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.