Join 3,421 readers in helping fund MetaFilter (Hide)


Why does PayPal want me to have a crappy password?
August 10, 2012 1:02 PM   Subscribe

I'm trying to change my PayPal password. Normally I would copy-paste the new password in from KeepPass (or gedit), but PayPal disables copy-paste. That means I need to accurately type in a bunch of fiddly deliberately-hard-to-memorize characters, which only show up as asterisks, TWICE. Which apparently I am incapable of doing, whereupon PayPal kicks me out for two hours before letting me try again. Please help me figure out a workaround to solve this stupid problem.

I've Googled this and found a few relevant links, but nothing that lets me copy-paste.

KeePass Autotype successfully fills the field (again, asterisks), but then I get an error message saying the passwords don't match (?!). A Febuntu forum says copy-pasting out of gedit should work, but it doesn't for me: I still get the 'no copy-paste' error message.

Can anyone suggest a workaround for this?

Thanks.

(Oh and I am running Ubuntu 10.10 and using Chrome 17.)
posted by Susan PG to Computers & Internet (13 answers total) 1 user marked this as a favorite
 
Write down all the characters, type with one finger very deliberately and slowly, and cross off each character as you do so? Twice?
posted by xingcat at 1:08 PM on August 10, 2012 [2 favorites]


On Windows, I would solve the problem by writing a very simple AutoHotkey macro which will send the relevant keystroke commands to the system. The net effect would be the same as if I had typed the password myself.

On Linux, you could do the same with an AutoHotkey alternative. This thread mentions a few.

However, the fact that KeePass' auto-type magic fails to do the trick is exceedingly weird. Maybe the length of KeePass' automatic passwords are overflowing the Paypal limit in a non-obvious way?
posted by blue t-shirt at 1:11 PM on August 10, 2012 [1 favorite]


If you copy this:

javascript:void($("input").each(function() { this.onpaste = this.onbeforepaste = this.ondragenter = this.ondragover = this.ondrop = null; }));

and paste it in your address bar once you get to the password change page, it should re-enable copy and paste. Make sure that you have the "javascript:" prefix, as Chrome will strip that out when you paste into the address bar.
posted by Nonsteroidal Anti-Inflammatory Drug at 1:19 PM on August 10, 2012 [7 favorites]


Not a direct answer, but:

A password using only lowercase letters that's 12 characters long is just as hard to crack, pure brute-force-wise, as an 8 character password using any ASCII character. Likewise, a passphrase using upper and lowercase letters, numbers, and spaces only has to be 20% longer to be as secure as a random ASCII password.

This is assuming uniformly random passwords to avoid dictionary cracks and the like, which seems fine if you're using KeepPass.

Maybe it would be easier to type if you create a longer password with simpler characters?
posted by WasabiFlux at 1:19 PM on August 10, 2012


(Though you may want to rethink the wisdom of changing to a password that you're having this much trouble entering. Can you use something shorter or easier to type?)
posted by Nonsteroidal Anti-Inflammatory Drug at 1:20 PM on August 10, 2012


I use LastPass with the Chrome extension and I run into this problem frequently when trying to change passwords. It seems like the extension automatically fills the wrong fields and ends up making the passwords not match up. The key is to log out of the extension and enter all of the password fields manually and carefully.
posted by roomwithaview at 1:53 PM on August 10, 2012


With Chrome's built-in Developer Tools, you can enter the passwords directly into the input elements:

1. Ctrl+Shift+I brings up the dev tools console.
2. Right click on the password input and choose "Inspect Element." Or use the console's magnifying glass tool to do the same.
3. In the dev tools HTML source (DOM) pane, you should see the HTML for the input element. Doubleclick inside the line to give you a cursor, and paste in a new value attribute set to your password, enclosed in quotes. So value="yourpassword". Hit enter to commit the edit.
4. Repeat for the second password input.
posted by cowbellemoo at 1:54 PM on August 10, 2012 [3 favorites]


Have you tried ctrl+c and ctrl+v? or did you try right click, copy: right click, paste? I've used ctrl+v with Paypal before and it's worked.
posted by patheral at 2:57 PM on August 10, 2012 [1 favorite]


Sorry, the ctrl+c is for Windows. I keep forgetting that people have other operating systems.
posted by patheral at 2:59 PM on August 10, 2012


In KeePass, if you are using Autotype, it is entering this when you try to "autotype" the two matching passwords:

{USERNAME}{TAB}{PASSWORD}{ENTER}

So that is why they do not match - one of them is your username. Of course can't tell because of the asterisk thing.

You could make this work in KeePass by (temporarily) changing the autotype settings under the autotype tab that you see when you double-click to 'edit entry' for your paypal entry.

I would click "override default sequence" on the autotype tab and then change it to simply:

{PASSWORD}

Then in Paypal you put the cursor in the first password field, to KeePass's autotype command. It fills in the one field with the password.

Then put the cursor in the 2nd password field, again do KeePass's autotype command, and now that one is filled with the same password.

Then proceed with submitting the form or whatever as usual.

Then go back into KeePass autotype tab and change it back to "inherit default auto-type sequence".
posted by flug at 3:39 PM on August 10, 2012 [3 favorites]


I can't remember if Chrome does, but I know Firefox has a JavaScript Advanced Setting that keeps websites from disabling right-click and other useful things. Have you tried this?
posted by nicebookrack at 3:53 PM on August 10, 2012 [1 favorite]


I have no real solution for automating your PP password, but would suggest coming up with one that you can remember and type or copy/paste from a text file if you choose.

The reason is simple: PayPal is notorious for lockouts, account suspensions, buggy front end, back end data that you thought was removed but reappears, ill trained staff etc etc etc. In short, PP is a minefield of reasons that can keep you away from your money for hours, weeks or even months (when they get really pissy).

99% of the time, the solutions up-thread work fine and are reliable. However, those solutions assume they are to be used with a company that actually does not conduct business like it is a drunk crackhead. PP seemingly lives to lock out people. They can be fine for a while and then they go get into "we hate the world" mode.

My solution for this particular scenario: memorize strong password and type it in. If history is any predictor and you are repeated issues as you detailed, it is only a matter of time before PP throws the hammer down on your account.

I know you want automation, but dealings with PP defy logic. From my experience of many many years with them, better to stick with the simplest, most direct solution.
posted by lampshade at 4:15 PM on August 10, 2012 [2 favorites]


I joined to thank cowbellemoo. CTRL+Shift+J worked in chrome, allowing me to edit the javascript directly. their comment with full directions here:
http://ask.metafilter.com/221964/Why-does-PayPal-want-me-to-have-a-crappy-password#3208986

things i cannot stand: websites telling me how i'm going to use them.
posted by Hardware Guy at 8:36 PM on December 23, 2012


« Older I was just offered a job in Lo...   |  I want to surprise my boyfrien... Newer »
This thread is closed to new comments.