cancel
Showing results for 
Search instead for 
Did you mean: 

Major security flaw - the system keeps re-enabling auto login even after I keep turning it off

Highlighted
Contributor

Major security flaw - the system keeps re-enabling auto login even after I keep turning it off

I've been dealing with customer support all day over this issue and they say they can do nothing but I want to raise it here as well since it's a major security flaw. Paypal is a financial site and therefore security controls should be very strong. I always log out whenever I complete a transaction and I never click the "stay logged in" button that's always presented. Now, every time I log in, I get an email saying "We've made it easier for you to check out with PayPal. Since we recognize this device, we'll automatically log you in so you can skip typing your password at checkout! ... If this is a shared device, or you don't want us to automatically log you in, we recommend that you turn this feature off." I go in and manually turn the feature off. Then the next time I log in to make a transaction, I get the same email again, the feature is re-enabled again, and I have to go in to manually turn it off again. This is totally unacceptable. I'm the only one who should be able to determine if my device is trusted and and if I want to enable auto login. I was told that there's nothing they can do and that I'll simply have to manually disable the feature every time. This is a major security flaw and it's a big deal. I was told that my concern has been escalated but I'm posting this here in the hopes of raising the visibility of this issue. Thanks. 

5 REPLIES 5
Highlighted
Contributor

Re: Major security flaw - the system keeps re-enabling auto login even after I keep turning it off

I have the same problem -- you are right -- this is unacceptable. I turn off the auto enable login on my phone, then do a test -- go to a site, place an order and enter paypal to pay and it processes immediately without asking for my password. HUGE SECURITY FLAW THAT REQUIRES IMMEDIATE ATTENTION AND RESPONSE

Highlighted
New Community Member

Re: Major security flaw - the system keeps re-enabling auto login even after I keep turning it off

Strongly agree that this needs to be fixed.  I have turned off this "feature" at least a half dozen times now.  Shouldn't be difficult to add a "non-consent" ("No, and don't ask again") indicator to the account.

Highlighted
Contributor

Re: Major security flaw - the system keeps re-enabling auto login even after I keep turning it off

I have the same problem. IT IS A SIGNIFICANT SECURITY ISSUE that is also very annoying. If a customer has gone to the trouble of logging to turn this "feature" off why is PayPal then turning it back on? PayPal has this backwards. This is a dangerous feature that should requires an opt-in with due warnings about the obvious risks.

Highlighted
New Community Member

Re: Major security flaw - the system keeps re-enabling auto login even after I keep turning it off

I got an email about this earlier today.  I called to complain and then got it again this evening.  This is REALLY bad!

Highlighted

Re: Major security flaw - the system keeps re-enabling auto login even after I keep turning it off

I'm having the same issue. I never want to stay logged in on ANY device, especially as I utilize two separate accounts (my personal account and a shared business account). Now, every single time II make a payment with the personal account, I receive the same IMBECILIC email letting me know they have AGAIN enabled Auto Login:

 

"We've made it easier for you to check out with PayPal

Since we recognize this device, we'll automatically log you in so you can skip typing your password at checkout."

 

There is no way to stop PayPal from doing this, and the beyond useless customer service department is of zero help as always.