I am very frustrated with the method of changing passwords. I have a password generator that creates extremely complicated random passwords and use this for all of my very sensitive online accounts. The generator allows me to create and update passwords on a regular basis, giving me the best security I can manage.
Very upsetting is that paypal does not allow me to copy and paste these passwords that are exceptionally secure. Instead Paypal requires that I manually input them. I tried several times, but because they are so random--20 characters long, with numbers, letters, and symbols--I made mistakes. I can't even tell when I am making a mistake because Paypal hides each entry stroke.
As a result, I feel compelled to use a simple password that I can remember. It is ridiculous that Paypal won't let me copy and paste my very secure random passwords for accuracy. My account is less secure because of this IMHO very stupid policy.
I would be interested in the rationale behind this stupid policy. Maybe there is some reason that Paypal doesn't want to allow copying and pasting. I can't think of one.
I have noticed a similar issue on various websites over the years, and found that some of those sites will allow copy/paste of passwords and confirming passwords if done with the old DOS keyboard shortcuts Ctrl-A (select All), Ctrl-C (Copy) and Ctrl-V (Paste), rather than with a mouse (or other pointing device) and GUI menu selections.
I don't think there is always an actual company 'policy' involved, it is likely just the way the particular page was built by a web designer, and perhaps how or when they learned/started doing such things.