Perhaps you should take time to read the actual complaint/question before simply cutting and pasting your canned FUD response. Your argument about protecting against brute force is a joke since the ONLY place that PayPal doesn't allow pasting the password is in the 2 New Password fields on the Edit Password page. I can paste, & by your logic brute force attack, any account from the login screen. If they are at this screen, they have already compromised your account and are simply changing the password for their future use. I manually typed in a password which I created using 1Passord. I would have typed in the >40 character password I was going to use, but got a big red warning that I had reached the maximum allowable characters when I hit 20. PayPal has access to my money, and the MAXIMUM number of characters I can make a password is 20!? That is simply terrible security. If you were serious about stopping brute force attacks then that is the very first thing you would change. Once I typed it in 2x manually, I can now happily use my 20 character runty password on any other login page at PayPal by pasting it in the box. It appears that PayPal actually wants to make it easier to brute force attack them. Since there are over 1500 views on this topic, it is clearly something that PayPal should address directly. Where are the real PayPal employees? Finally - I'd like a reference to the page where "Apple does the same thing." I have never run into that on any of Apple's sites, developer or otherwise.
... View more