Password security

Having a secure and unique password for each of your online accounts is critically important. If a scammer gets just one password, they can begin to access your other accounts. That’s why it’s important to have a strong and unique password for your PayPal account


Use unique passwords

Using the same password across multiple websites is also a security issue. Statistics show that the majority of people use three or fewer passwords across twenty or more Internet accounts. This means that a password is only as secure as the weakest Internet site that the user visits.

At PayPal, we use the best industry standard techniques to make sure passwords are secure, and we train our personnel in best security practices.

Strong passwords

Strong passwords have the following characteristics:

  • More than 8 characters long.
  • Use lower case, upper case, a number, and a special character (like ~!@#$%^&*()_+=?><.,/).
  • Not a word or date associated with you (like a pet’s name, family names, or birth dates).
  • A combination of words with unusual capitalization, numbers, and special characters interspersed. Misspelled words are stronger because they are not in the dictionary used by attackers.
  • Something you can remember.

We use a password strength checker to help make sure new passwords are strong.

Managing multiple passwords

The more passwords you have to remember, the greater the risk you'll forget some of them. However, using the same password for multiple sites puts you at risk. So how can you avoid forgetting passwords?

One good way of keeping multiple passwords is writing them down and keeping them somewhere safe. You can use complex passwords that are different from each other, and you don't face the risk of forgetting them. Of course, you don't want to write them down in their entirety, or you risk somebody stealing or viewing your list of passwords.

To avoid compromising your security if somebody gets a hold of your password list, don't write the passwords in their entirety. Memorize one part and write down the other. You can use the memorized part of your passwords for several accounts to help make it easier to remember; only the written parts would be different. This method will help you create specific passwords for different websites without the trouble of having to memorize every one of them.

Of course, it's not enough for either part of your passwords to be just a few characters long. That would make it too easy to guess or to test all possibilities. So make each part at least 6 characters in length. And don't forget to keep a copy of the list somewhere safe – just in case.

Don’t keep the password list in your wallet. If a thief were to steal your wallet, they'd get your personal information as well as access to your important accounts. If you need to carry the list with you, consider a password keeper app for your smartphone. Of course, you should use a strong, unique, memorable password for the app.

Changing your password

Normally, there should be no reason to change your password. But there are a few cases where it's a good precaution. For example:

  • You notice something suspicious on your PayPal account.
  • You suspect that someone you don’t trust has your password.
  • You notice something suspicious in your email account or other online accounts.
  • You have recently removed malware from your system.
  • PayPal asks you to change your password.

If one of these occurs, change your Password and security questions immediately. You can change these under personal settings.

If you receive an email asking you to change your password, it could be a case of phishing. Instead of clicking on a suspect link in an email, just log into your PayPal account by manually typing the URL. Click on the Profile icon, and then on Security. You will find the password and security questions on this page.